RansomHub Ransomware Hits French Engineering Firm IPH Ingénierie
RansomHub Targets IPH Ingénierie in Devastating Ransomware Attack
IPH Ingénierie, a prominent French engineering firm, has recently fallen victim to a ransomware attack orchestrated by the notorious RansomHub group. The attack has resulted in the exfiltration of a significant amount of sensitive data, raising serious concerns about cybersecurity measures within the company.
About IPH Ingénierie
IPH Ingénierie is a multifaceted engineering firm based in La Vaupalière, Normandie, France. Specializing in various sectors including construction, mining, and environmental consultancy, the company employs around 50 professionals and generates an estimated annual revenue of approximately €5 million. The firm is particularly recognized for its expertise in collective housing, educational institutions, healthcare facilities, and public buildings. Their comprehensive approach integrates fluid mechanics, structural engineering, civil engineering, and construction economics, making them a notable player in the French engineering sector.
Attack Overview
The ransomware attack on IPH Ingénierie was claimed by RansomHub via its dark web leak site. The attackers exfiltrated a significant amount of sensitive data, including directories such as "BH Agence_Lyon," which contains a PST archive file, and "BH Commercial," which includes subdirectories like "Direction" and "DOSSIERS_INTER_AGENCES." The "Outlook" directory with "SauvesQL" files and a tree structure labeled "IPH_HARLY.6¢" were also accessed and exfiltrated. This breach underscores the critical need for enhanced cybersecurity measures to protect against sophisticated ransomware threats.
About RansomHub
RansomHub, a Ransomware-as-a-Service (RaaS) group, emerged in February 2024 and quickly established itself in the ransomware landscape. The group is known for its aggressive affiliate model and double extortion tactics: it encrypts victims' data and also exfiltrates sensitive information for additional leverage in ransom demands. RansomHub's ransomware is optimized to encrypt large datasets quickly and targets multiple platforms, including Windows, Linux, and ESXi.
Penetration and Vulnerabilities
RansomHub affiliates primarily use phishing campaigns, vulnerability exploitation, and password spraying to gain initial access. In the case of IPH Ingénierie, the attackers likely exploited unpatched systems or leveraged zero-day vulnerabilities to penetrate the company's defenses. The group's advanced data exfiltration techniques and fast encryption processes make it a formidable threat to organizations worldwide.