RA Group attacks Gimex
Gimex Compromised by RA Group Ransomware
Details of the Attack
Gimex has reportedly been compromised by the RA Group ransomware group. The attack allegedly led to the exfiltration of 50 GB of data, including financial documents, insurance contracts, accounting department files, terrestrial files archives, settlement receipts, and other files. Samples of the data have been published.
About Gimex SA
Gimex SA operates as a logistics company in Spain. It offers logistics management, warehousing, transport management, and cargo services.
RA World Ransomware Gang
The RA World (previously the RA Group) ransomware gang has successfully breached entities around the globe since it first reared its ugly head in April 2023. This ransomware group first exfiltrates victims’ data and then deploys its encryption malware. The group behind it maintains both TOR and non-TOR websites for leaking stolen data. Moreover, the ransomware is programmed to eliminate Volume Shadow Copies and system backups, stopping any attempts at system recovery in their tracks.
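An added example, not from the original article or from Halcyon: a minimal hunt over process-creation command lines for the recovery-inhibition behaviour described above. The article does not say which mechanism RA World uses, so the patterns cover generic Windows shadow-copy and backup utilities (an assumption), and the sample events are constructed.

```python
import re

# Generic command-line patterns for shadow-copy / backup removal (MITRE ATT&CK T1490).
# Assumption: common Windows utilities; the article does not name RA World's mechanism.
PATTERNS = {
    "vssadmin_delete": re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    "vssadmin_resize": re.compile(r"\bvssadmin(\.exe)?\b.*\bresize\s+shadowstorage\b", re.I),
    "wmic_shadowcopy": re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    "wbadmin_delete": re.compile(
        r"\bwbadmin(\.exe)?\b.*\bdelete\s+(catalog|systemstatebackup|backup)\b", re.I),
    "bcdedit_recovery_off": re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
    "powershell_shadowcopy": re.compile(
        r"win32_shadowcopy.*(\.delete\(|remove-wmiobject|remove-ciminstance)", re.I),
}

# Constructed process-creation records (host, parent image, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("WS-014", "explorer.exe", r"C:\Windows\System32\notepad.exe report.txt"),
    ("FS-02", "cmd.exe", r"vssadmin.exe Delete Shadows /All /Quiet"),
    ("FS-02", "cmd.exe", r"wmic  SHADOWCOPY  delete /nointeractive"),
    ("FS-02", "cmd.exe", r"bcdedit /set {default} recoveryenabled No"),
    ("BK-01", "taskeng.exe", r"vssadmin list shadows"),  # inventory only, must not alert
    ("BK-01", "powershell.exe", r"powershell -c Get-WmiObject Win32_ShadowCopy | Remove-WmiObject"),
]

def classify(cmdline):
    """Return the names of all patterns that match one command line."""
    return [name for name, rx in PATTERNS.items() if rx.search(cmdline)]

def hunt(events):
    """Return (host, parent, rule, cmdline) for every matching event."""
    hits = []
    for host, parent, cmdline in events:
        for rule in classify(cmdline):
            hits.append((host, parent, rule, cmdline))
    return hits

def hosts_to_escalate(events, threshold=2):
    """Hosts where at least `threshold` distinct rules fired (stacked recovery inhibition)."""
    per_host = {}
    for host, _, rule, _ in hunt(events):
        per_host.setdefault(host, set()).add(rule)
    return sorted(h for h, rules in per_host.items() if len(rules) >= threshold)

if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(hit)
    print("escalate:", hosts_to_escalate(SAMPLE_EVENTS))
```

Because the group exfiltrates data before encrypting, an alert here arrives late in the intrusion; treat a match as a trigger for host isolation rather than as early warning.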
Infection Pathway
Specific details regarding the infection pathway used by RA World are not available. However, it is unlikely to deviate significantly from methods employed by other ransomware collectives.
Global Impact
Instances of RA World ransomware have been identified through submissions to a publicly accessible file scanning service. The submissions originated from various countries, including the Netherlands, France, the United Kingdom, the Czech Republic, Poland, Colombia, and Japan. At present, the data leak sites associated with the ransomware name 23 victims distributed across several countries, including Germany, the UK, the US, Italy, Poland, India, Taiwan, Mexico, France, Thailand, and Korea.