RansomHub Cyberattack on PSG Banatski Dvor D.O.O.
Ransomware Attack on PSG Banatski Dvor D.O.O. by RansomHub
Company Profile
PSG Banatski Dvor D.O.O. is a gas storage services provider based in Serbia. It is known for its underground gas storage facility, which has a maximum capacity of 450 million cubic meters and was constructed with an investment of around EUR 100 million.
Company Size
The exact size of PSG Banatski Dvor D.O.O. is not explicitly stated, but the company is inferred to be a significant player in the gas storage services sector in Serbia.
Company Standout
PSG Banatski Dvor D.O.O. is distinguished by its underground gas storage facility, a key asset in Serbia's gas storage services sector.
Company Vulnerabilities
The critical nature of PSG Banatski Dvor D.O.O.'s operations and the sensitive data it holds may have made it a target for threat actors like the RansomHub ransomware group. Potential vulnerabilities include inadequate cybersecurity measures, insufficient employee training on cybersecurity best practices, and possible weaknesses in its IT infrastructure.
Attack Overview
The RansomHub ransomware group launched a cyberattack on PSG Banatski Dvor D.O.O., exfiltrating approximately 80 GB of sensitive data. The stolen data encompassed critical files from various departments, including IT, Accounting, Finance, Projects, Client databases, Budgets, Taxes, Logistics, Production data, HR, Legal documents, KPIs, and R&D documents. Additionally, the attackers disabled the SCADA systems, causing significant operational disruptions.
Ransomware Group Profile
RansomHub operates as a Ransomware-as-a-Service (RaaS) group, distinguishing itself by making claims and backing them up with data leaks. Affiliates of the group receive 90% of the ransom money. RansomHub targets various countries and industries, including healthcare-related institutions. Its ransomware strains are written in Golang, a relatively new trend in the ransomware world.
Penetration of Company Systems
RansomHub likely penetrated PSG Banatski Dvor D.O.O.'s systems through phishing emails, exploiting vulnerabilities in the company's network, or possibly through insider threats. The group may have conducted reconnaissance to identify weaknesses in the company's cybersecurity defenses before launching the attack.