RansomHub Claims Major Ransomware Attack on Overseas Shipholding Group
About Overseas Shipholding Group
Founded in 1948 and headquartered in Tampa, Florida, OSG operates a diverse fleet that includes Suezmax crude oil tankers, articulated tug-barge (ATB) units, and various types of medium-range (MR) tankers. The company specializes in the delivery of crude oil and petroleum products both within the United States and internationally. OSG's operations are primarily focused on U.S. flag markets, governed by the Jones Act, ensuring that only U.S.-built, U.S.-owned, and U.S.-crewed vessels operate in domestic waters.
OSG employs approximately 1,078 people and operates a fleet of 24 vessels. The company is known for its commitment to safety, environmental compliance, and high-quality service, positioning itself as a preferred carrier for major oil companies, refiners, and traders.
Attack Overview
The ransomware group RansomHub has claimed responsibility for the attack on OSG via its dark web leak site. The group alleges that it exfiltrated over 1 TB of sensitive data from OSG's systems and has threatened to publish the data within the next few days if its demands are not met. The specifics of the ransom demand have not been disclosed.
About RansomHub
RansomHub is a relatively new player in the ransomware landscape, believed to have roots in Russia. The group operates as a Ransomware-as-a-Service (RaaS) entity, with affiliates receiving 90% of the ransom money and the remaining 10% going to the main group. RansomHub has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, with a notable focus on healthcare-related institutions.
RansomHub's ransomware strains are written in Golang, a language that is becoming increasingly popular among ransomware developers. This choice of programming language may indicate a trend towards more sophisticated and harder-to-detect ransomware attacks.
Potential Vulnerabilities
While the exact method of penetration used by RansomHub in the OSG attack is not yet known, common weaknesses that ransomware groups exploit include unpatched software, weak passwords, and susceptibility to phishing attacks. Given OSG's extensive operations and reliance on digital systems for fleet management and logistics, any lapse in cybersecurity measures could have provided an entry point for the attackers.