RansomHouse Ransomware Attack on Hedbergs AB

Incident Date: May 22, 2024

Attack Overview

Victim: Hedbergs
Industry: Construction
Location: Sweden
Attacker: RansomHouse
First Reported: May 22, 2024

Overview of the Victim: Hedbergs AB

Hedbergs Mekaniska AB, a Swedish company founded in 1949, specializes in providing construction and renovation services, selling building materials and tools, and offering consulting services for construction projects. With a strong legacy of technological ambition, the company has been a significant player in the construction sector, known for its innovative approach and strong partnerships with major companies like Ericsson and SAPA.

The company employs between 51 and 200 people and generates an annual revenue of approximately $19.2 million. Hedbergs AB has built a reputation for its technological advancements, being one of the first in Sweden to adopt CNC punching technology in the 1980s.

Details of the RansomHouse Attack

In May 2024, Hedbergs AB fell victim to a ransomware attack orchestrated by the RansomHouse group. Unlike traditional ransomware attacks that encrypt files, RansomHouse focuses on data exfiltration. The group claimed to have stolen around 300 GB of sensitive data from Hedbergs, including potentially critical business and customer information.

The attack was first detected on March 28, 2024, with the stolen data being used as leverage to demand a ransom. RansomHouse's modus operandi involves threatening to release the stolen data publicly if the ransom is not paid, adding pressure on the victim to comply with their demands.

RansomHouse: A Unique Ransomware Group

RansomHouse distinguishes itself from other ransomware groups by not encrypting the victim's data. Instead, they exfiltrate sensitive information and use it for extortion. The group emerged in late 2021 and has since been involved in several high-profile attacks, including breaches of organizations like the Saskatchewan Liquor and Gaming Authority (SLGA) and a major company in October 2023.

RansomHouse often collaborates with other ransomware groups such as White Rabbit and Hive. They communicate with their victims through a Tor-based chat room and data leak blog, demanding ransom payments in Bitcoin.

Potential Vulnerabilities and Attack Vector

The specifics of how RansomHouse penetrated Hedbergs AB's systems have not been disclosed. However, common vulnerabilities exploited by ransomware groups include weak passwords, outdated software, and insufficient network security measures. Companies like Hedbergs, with significant technological infrastructure, need robust cybersecurity protocols to protect against such sophisticated attacks.
