NoEscape attacks Beijer Ref

Incident Date: Jul 27, 2023

Attack Overview

VICTIM

Beijer Ref

INDUSTRY

Manufacturing

LOCATION

Spain

ATTACKER

Noescape

FIRST REPORTED

July 27, 2023

Request Removal

The NoEscape Ransomware Attack on Beijer Ref

The NoEscape ransomware gang has attacked Beijer Ref. Beijer Ref AB is a global company based in Sweden that specializes in the distribution and trading of refrigeration and air conditioning products. The company was founded in 1866 and has since become a significant player in the HVAC&R (Heating, Ventilation, Air Conditioning, and Refrigeration) industry. Beijer Ref operates as a wholesale distributor, supplying a wide range of products related to refrigeration and air conditioning systems. This includes components such as compressors, condensers, evaporators, controls, and other essential parts used in various cooling and climate control applications.

NoEscape's Claim and Theft

NoEscape posted the Spanish arm of Beijer Ref on July 27th, claiming to have stolen 5GB of contracts, passports and ID cards, certificates, and more.

Introduction to NoEscape Ransomware

Researchers have identified a new Ransomware-as-a-service operation known as NoEscape. The ransomware builder interface allows affiliates to customize various settings when creating the ransomware executables. However, the primary function of NoEscape is to encrypt files.

Victim Notification and Demands

Victims of NoEscape receive a note informing them that their network has been breached and infected by a group called NoEscape. The message reveals that their company documents, databases, and other crucial files have been encrypted. The perpetrators have also obtained the victims' confidential documents, personal data, and sensitive information. To regain access to their files, the victims are instructed to make a payment in exchange for a special recovery tool. Non-compliance with this demand will result in the victims' files remaining encrypted indefinitely and the stolen information being offered for sale on the darknet.

Payment Instructions

To facilitate the payment process, the victims are advised to download and install the TOR browser and access a specific link provided in the note. They must then enter their ID and follow the accompanying instructions. The directive explicitly warns the victims against making any modifications or attempting file recovery on their own, emphasizing that only the perpetrators possess the ability to restore the encrypted files.

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

Let's get started

First Name

Last Name

Phone Number

Buying Timeframe

halcyon.ai is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:

I agree to receive other communications from halcyon.ai and acknowledge Halcyon's privacy policy.

You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit below, you consent to allow halcyon.ai to store and process the personal information submitted above to provide you the content requested.

Back

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.