The Infamous Ransomware RansomHouse Group Hits Wangkanai Group

The Infamous ransomware RansomHouse Group has hit Wangkanai Group. No other details are available. In 1975, The Wangkanai Group started off as a single company, Limited, which was the first sugar factory established by the Group. Today, the Wangkanai Group ranks as one of Thailand’s major sugar producers, with a list of products that include raw, white, refined, and brown sugar, all of which are marketed both domestically and abroad with a crushing capacity of around 100,000 tons of sugar cane per day.

RansomHouse's Modus Operandi

RansomHouse does not maintain a RaaS (Ransomware-as-a-Service) platform. RansomHouse is a data extortion group that first emerged in December of 2021. They appear to have some level of political motivations, stating they are “pro-freedom and support the free market” and claim to not work with other hacktivists or any intelligence agencies. They made headlines in 2022 for attacking chipmaker AMD and exfiltrating 450GB of data. RansomHouse attack volumes pale compared to leading threat actors but have been steadily increasing in late 2022 and early 2023. Ransom demands have been reported to range between $1 million and $11 million.

RansomHouse's Targeting Strategy

RansomHouse appears to be opportunistic, choosing targets for ease of compromise or for ability to pay. RansomHouse is a different kind of threat actor who uniquely “blames” victim organizations for lax security. RansomHouse maintains an active leaks site where they engage in “name and shame” to put pressure on victims to pay the ransom demand. RansomHouse exfiltrates victim data for double extortion but is also observed to be actively selling stolen data to other threat actors.