RansomHub Ransomware Hits Amplicon International: 313GB Data at Risk
RansomHub Ransomware Attack on Amplicon International
Amplicon International, a UK-based leader in industrial computing and data communication solutions, has fallen victim to a ransomware attack orchestrated by the RansomHub group. The attackers claim to have exfiltrated 313 GB of sensitive organizational data and have threatened to release it within 15 to 16 days if their demands are not met. This incident underscores the growing threat of ransomware attacks on critical industrial sectors.
About Amplicon International
Founded over 50 years ago, Amplicon International specializes in the design and manufacture of advanced technology solutions for various industrial applications. The company is renowned for its industrial computers, data acquisition systems, and EMC testing services. Amplicon’s commitment to quality is evidenced by its ISO 9001:2015 certification and compliance with WEEE and RoHS directives. The company’s products are widely used in sectors such as process control, factory automation, defense, and transportation.
Attack Overview
RansomHub, a relatively new ransomware group, has claimed responsibility for the attack on Amplicon International. The group has provided sample screenshots on their dark web portal to substantiate their claims. The attackers have indicated that they accessed a substantial amount of data, which they plan to publish if their ransom demands are not met. This attack highlights the vulnerabilities that even well-established companies face in the current cyber threat landscape.
RansomHub: A New Threat
RansomHub operates as a Ransomware-as-a-Service (RaaS) group, with affiliates receiving the majority of the ransom payments. The group is believed to have roots in Russia and has targeted various countries, including the US, Brazil, Indonesia, and Vietnam. RansomHub’s ransomware strains are written in Golang, a programming language that is becoming increasingly popular among cybercriminals. This choice of language may indicate a trend towards more sophisticated and harder-to-detect ransomware attacks.
Potential Vulnerabilities
While the initial access method used by RansomHub in the Amplicon attack is not yet clear, common weaknesses in industrial sectors include outdated software, insufficient network segmentation, and inadequate employee training on cybersecurity best practices. Amplicon’s extensive network of distributors and its involvement in critical infrastructure sectors may have made it an attractive target for ransomware groups seeking to maximize their impact.