NoEscape attacks Rampi

Incident Date: Jul 25, 2023

Attack Overview
VICTIM
Rampi
INDUSTRY
Manufacturing
LOCATION
Italy
ATTACKER
Noescape
FIRST REPORTED
July 25, 2023

The NoEscape Ransomware Attack on Rampi

The NoEscape ransomware gang has attacked Rampi. Rampi is a well-established and reputable industrial equipment and machinery company. With a strong presence in the market, the company has earned recognition for its expertise and reliability in providing engineering solutions and equipment to various industries. Specializing in the design, manufacturing, and installation of heavy-duty equipment, Rampi serves diverse sectors such as mining, construction, and material handling. Their product range includes conveyor systems, bulk handling equipment, and custom-engineered solutions tailored to meet specific customer requirements. NoEscape posted Rampi to its data leak site on July 25th but provided no further details.

Understanding NoEscape Ransomware

Researchers have identified a new Ransomware-as-a-service operation known as NoEscape. The ransomware builder interface allows affiliates to customize various settings when creating the ransomware executables. However, the primary function of NoEscape is to encrypt files.

The Impact on Victims

Victims of NoEscape receive a note informing them that their network has been breached and infected by a group called NoEscape. The message reveals that their company documents, databases, and other crucial files have been encrypted. The perpetrators have also obtained the victims' confidential documents, personal data, and sensitive information. To regain access to their files, the victims are instructed to make a payment in exchange for a special recovery tool. Non-compliance with this demand will result in the victims' files remaining encrypted indefinitely and the stolen information being offered for sale on the darknet.

Payment and Recovery Instructions

To facilitate the payment process, the victims are advised to download and install the TOR browser and access a specific link provided in the note. They must then enter their ID and follow the accompanying instructions. The directive explicitly warns the victims against making any modifications or attempting file recovery on their own, emphasizing that only the perpetrators possess the ability to restore the encrypted files.

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

1
2
3
Let's get started
1
1
2
3
1
1
2
2
3
Back
Next
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.