RansomHouse Ransomware Attack on J & N Stone: A Case Study
Overview of the Victim: J & N Stone
J & N Stone Inc, established in 1973 and headquartered in Indiana, specializes in the design, fabrication, and installation of natural stone products for both residential and commercial projects. The company is well-regarded for its custom countertops, fireplaces, and outdoor living spaces, maintaining a reputation for high-quality stone products and exceptional customer service.
As a significant player in the stone industry, J & N Stone Inc has built its business on a commitment to quality and customer satisfaction, making it a trusted name in its field. The company employs approximately 49 people and generates an annual revenue of around $36.6 million.
Details of the RansomHouse Attack
In June 2024, J & N Stone became the latest victim of a ransomware attack by the RansomHouse group. Unlike traditional ransomware groups, RansomHouse focuses on data exfiltration rather than file encryption. The attackers claimed to have stolen approximately 300 GB of sensitive data from J & N Stone, including financial and operational details, and posted evidence of the breach on their dark web leak site.
The stolen data's disclosure status was marked as "EVIDENCE," with the full release contingent on the victim's response to ransom demands. The dark web post detailing the breach had garnered nearly 9,000 views, indicating significant exposure and potential reputational damage for the company.
RansomHouse: A Unique Ransomware Group
RansomHouse distinguishes itself from other ransomware groups by not encrypting the victim's data. Instead, they exfiltrate sensitive information and use it for extortion. Emerging in late 2021, RansomHouse has been involved in several high-profile attacks and collaborates with other ransomware groups such as White Rabbit and Hive.
The group uses sophisticated methods to gain initial access to networks, often exploiting compromised credentials through Remote Desktop Services (RDS) gateways. Once inside, they employ tools like PowerShell and Mimikatz to maintain access and exfiltrate data. RansomHouse emphasizes that their actions aim to highlight companies' security deficiencies, positioning themselves as "professional mediators" rather than mere extortionists.
Vulnerabilities and Attack Vector
The specific vulnerabilities exploited in the J & N Stone attack have not been disclosed. However, common tactics used by RansomHouse include leveraging weak or compromised credentials, exploiting unpatched software vulnerabilities, and using social engineering techniques. The group's ability to navigate through a network undetected for extended periods underscores the importance of robust cybersecurity measures, such as regular security audits and employee training on identifying phishing attempts.