RansomHub Ransomware Attack on Polyco Healthline: A Critical Disruption in PPE Supply Chain

Polyco Healthline, a leading provider of personal protective equipment (PPE) and hygiene products, has become the latest victim of a ransomware attack orchestrated by the notorious cybercriminal group RansomHub. The attack has compromised the company's website, www.polycohealthline.com, potentially disrupting their operations and affecting their ability to deliver essential products to their diverse clientele.

About Polyco Healthline

Polyco Healthline, established through the merger of Polyco and HPC Healthline, is a prominent supplier of PPE and hygiene products in the UK market. The company specializes in a wide range of products, including reusable and disposable gloves, disposable workwear, infection control solutions, aprons, and bags. With a workforce of approximately 111 employees and an annual revenue of $50.1 million, Polyco Healthline is recognized for its commitment to innovation, sustainability, and customer service.

The company emphasizes operational excellence, providing comprehensive services that encompass sourcing, supply, storage, and delivery. Their dedicated technical team ensures that all products meet necessary safety and quality benchmarks, further solidifying their reputation as a trusted partner in workplace safety and hygiene.

RansomHub: A Formidable Ransomware Group

RansomHub, a Ransomware-as-a-Service (RaaS) group, emerged in February 2024 and quickly established itself as a significant player in the ransomware landscape. Known for its aggressive affiliate model and double extortion tactics, RansomHub encrypts victims' data and exfiltrates sensitive information to increase leverage in ransom demands. The group has close ties with the now-defunct Knight ransomware group and affiliates from ALPHV/BlackCat.

RansomHub's ransomware is optimized for speed and efficiency, capable of encrypting large datasets quickly across various platforms, including Windows, Linux, and ESXi. The group employs advanced data exfiltration techniques and intermittent encryption to minimize encryption time while maintaining impact.

Attack Overview

The ransomware attack on Polyco Healthline underscores the growing threat of ransomware attacks on critical supply chains and essential service providers. The attack has compromised the company's website, potentially disrupting their ability to deliver essential PPE and hygiene products to businesses and homes across the UK and internationally.

RansomHub affiliates likely gained initial access through phishing campaigns, vulnerability exploitation, or password spraying. Once inside, they conducted network reconnaissance, escalated privileges, and exfiltrated data before encrypting files. The group's use of Curve 25519 elliptic curve encryption and modular architecture allows for rapid updates to evade detection, making them a formidable threat to organizations worldwide.

• Polyco Healthline
• Company Information
• RocketReach Profile
• Endole Insight
• Transparity Customer Stories