RansomHub Ransomware Hits Djibouti Ports Authority: Key Details

Incident Date: Aug 28, 2024

Attack Overview

Victim: DPFZA
Industry: Government
Location: Djibouti
Attacker: RansomHub
First reported: August 28, 2024

RansomHub Ransomware Attack on Djibouti Ports & Free Zones Authority

On August 28, 2024, the Djibouti Ports & Free Zones Authority (DPFZA), operating under the domain "dpfza.gov.dj," was targeted by a ransomware attack orchestrated by the cybercriminal group RansomHub. This incident has raised significant concerns about the security of critical infrastructure in Djibouti, a country strategically positioned at the crossroads of major global shipping routes.

About Djibouti Ports & Free Zones Authority (DPFZA)

DPFZA is a governmental entity responsible for managing Djibouti's ports, free zones, and related infrastructure. Established in 2003, the authority plays a crucial role in promoting Djibouti as a strategic trade and logistics hub. DPFZA oversees the administration and operational management of facilities such as the Port of Djibouti and the Djibouti International Free Trade Zone (DIFTZ). The authority employs between 51 and 200 individuals, although some reports suggest the number could be as high as 1,000.

Strategic Importance and Vulnerabilities

DPFZA's strategic initiatives, including a $15 billion expansion program, aim to enhance infrastructure and position Djibouti as a key logistics and transport hub for Africa. The authority's critical role in facilitating international trade and logistics makes it a high-value target for cybercriminals. The reliance on digital systems for operations and the handling of sensitive data further expose DPFZA to ransomware attacks.

Attack Overview

The ransomware attack by RansomHub has potentially disrupted DPFZA's mission to establish Djibouti as a premier maritime and commercial hub in Africa. The specifics of the data leak, including its size, remain unknown. However, the attack poses significant risks to DPFZA's operations, potentially affecting the economic growth and regional connectivity facilitated by the authority.

About RansomHub

RansomHub, a Ransomware-as-a-Service (RaaS) group, emerged in February 2024. The group is known for its aggressive affiliate model and double extortion tactics: it encrypts victims' data and also exfiltrates sensitive information for additional leverage in ransom demands. RansomHub's ransomware is optimized to encrypt large datasets quickly and targets multiple platforms, including Windows, Linux, and ESXi.

Penetration Methods

RansomHub affiliates primarily use phishing campaigns, vulnerability exploitation, and password spraying to gain initial access. The group has also leveraged zero-day vulnerabilities. Once inside the network, they conduct multi-phase attacks involving network reconnaissance, privilege escalation, and data exfiltration before encrypting files. The use of advanced data exfiltration techniques and intermittent encryption makes RansomHub a formidable threat to organizations worldwide.
