NoEscape attacks Schwob AG

Incident Date: Oct 25, 2023

Attack Overview

VICTIM

Schwob AG

INDUSTRY

Manufacturing

LOCATION

Switzerland

ATTACKER

Noescape

FIRST REPORTED

October 25, 2023

Request Removal

NoEscape Ransomware Targets Schwob AG

The Attack on Schwob AG

NoEscape ransomware group claimed responsibility for attacking Schwob AG in Switzerland. The group provided a deadline of five for the victim to reach out and pay the ransom. The criminal group claimed that they had seized 238GB of data. Schwob, established in 1872, manufactures and cares for textile and linen.

Emergence of NoEscape

NoEscape – assessed to be a spinoff of the disbanded Avaddon gang -- emerged in May of 2023 and operates as a Ransomware-as-a-Service (RaaS) and emerged with variants for targeting both Windows, Linux, and VMware ESXi systems. NoEscape provides affiliates with 24/7 technical support, communications, and negotiation assistance, as well as an automated RaaS platform update feature. Having just recently emerged, NoEscape has rapidly become one of the more prolific attack groups, with attack volume escalating significantly in the second quarter of 2023.

Ransom Demands and Profit Sharing

It is unclear how high the typical NoEscape ransom demands tend to be, but it has been observed that profit sharing with affiliates is on par or even more attractive than other groups with ransoms over $3 million netting 90/10 split with affiliates taking the lion’s share. NoEscape is written in C++ and is relatively unique in the space in that the developers opted to build the RaaS platform from scratch rather than rely on code reuse from other ransomware variants. NoEscape ransomware payloads support multiple encryption options ranging from extra fast to extra strong encryption and leverages RSA and ChaCHA20 encryption algorithms with a single key for all impacted files for faster decryption of a ransom is paid.

Technical Capabilities and Targets

NoEscape can operate in safe mode to bypass security tools, terminate processes, erase VSS shadow copies and system back-ups to thwart recovery efforts, and abuse Windows Restart Manager to circumvent processes not terminated. NoEscape operations target a wide array of industry verticals with a focus on Professional Services, Manufacturing, Information Technology, and Healthcare. NoEscape offers its RaaS platform to affiliate attackers and operations typically include data exfiltration or other actions to be leveraged in double extortion schemes such as a denial-of-service option for a hefty additional fee to the affiliate. NoEscape maintains a TOR-based leaks site to name-and-shame victims.

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

Let's get started

First Name

Last Name

Phone Number

Buying Timeframe

halcyon.ai is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:

I agree to receive other communications from halcyon.ai and acknowledge Halcyon's privacy policy.

You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit below, you consent to allow halcyon.ai to store and process the personal information submitted above to provide you the content requested.

Back

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.