RansomHub Claims Cyberattack on Kumagai Gumi, Exfiltrates 5TB of Sensitive Data

Incident Date: Jul 20, 2024

Attack Overview

VICTIM

Kumagai Gumi Co., Ltd.

INDUSTRY

Construction

LOCATION

Japan

ATTACKER

Ransomhub

FIRST REPORTED

July 20, 2024

Request Removal

RansomHub Claims Ransomware Attack on Kumagai Gumi Co., Ltd.

Overview of Kumagai Gumi Co., Ltd.

Kumagai Gumi Co., Ltd., established in 1898 and incorporated in 1938, is a leading Japanese construction company headquartered in Shinjuku, Tokyo. The company operates primarily in the construction and civil engineering sectors, offering services such as investigation, survey, planning, design, and supervision of construction projects. With a capital of ¥30.1 billion and approximately 2,635 employees, Kumagai Gumi is known for its significant infrastructure projects, including the Tokuyama Dam and the Seikan Tunnel. The company also emphasizes environmentally friendly practices and has a strong international presence, particularly in Taiwan.

Details of the Ransomware Attack

RansomHub, a relatively new ransomware group, has claimed responsibility for a cyberattack on Kumagai Gumi Co., Ltd. The group announced the breach on their dark web leak site, stating that they had infiltrated the company's network for an extended period. During this time, they exfiltrated over 5TB of sensitive data, including various documents and client information. The attackers have threatened to release this data publicly if their demands are not met, potentially causing significant reputational damage and legal repercussions for Kumagai Gumi.

About RansomHub

RansomHub is a ransomware group believed to have roots in Russia, operating as a Ransomware-as-a-Service (RaaS) entity. Affiliates receive 90% of the ransom money, with the remaining 10% going to the main group. RansomHub's ransomware strains are written in Golang, a relatively new trend in the ransomware world. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, with a notable focus on healthcare institutions.

Potential Vulnerabilities and Penetration Methods

Kumagai Gumi's extensive operations and significant data repositories make it an attractive target for ransomware groups like RansomHub. The company's involvement in high-profile infrastructure projects and international collaborations increases the potential impact of a data breach. RansomHub likely penetrated Kumagai Gumi's systems through common vulnerabilities such as phishing attacks, unpatched software, or weak network security protocols. The use of Golang in their ransomware strains suggests a sophisticated approach, potentially bypassing traditional security measures.

Sources

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

Let's get started

First Name

Last Name

Phone Number

Buying Timeframe

halcyon.ai is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:

I agree to receive other communications from halcyon.ai and acknowledge Halcyon's privacy policy.

You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit below, you consent to allow halcyon.ai to store and process the personal information submitted above to provide you the content requested.

Back

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.