RansomHub Ransomware Hits John Kellys, 450GB Data Breached
RansomHub Ransomware Attack on John Kellys
On September 2, 2024, John Kellys (London) Ltd, a well-established supplier of essential oils and aromatic chemicals, fell victim to a ransomware attack orchestrated by the notorious RansomHub group. The attack resulted in a significant data breach, compromising approximately 450GB of sensitive information. This incident has raised serious concerns about data security and the potential impact on the company's operations and reputation.
About John Kellys (London) Ltd
John Kellys (London) Ltd is a private limited company specializing in essential oils and aromatic chemicals for the flavor and fragrance industry. With over 80 years of experience, the company has built a reputation for delivering quality products and exceptional customer service. Operating as a micro-enterprise with fewer than 10 employees, John Kellys reports total assets of approximately £3.15 million. The company's logistical capabilities allow for rapid delivery, ensuring timely access to raw materials for its clients.
Attack Overview
The ransomware attack on John Kellys was discovered on September 2, 2024. The threat actor group RansomHub claimed responsibility for the attack, which led to the exfiltration of 450GB of sensitive data. The compromised information includes internal records, customer data, and potentially proprietary formulations. The attack has disrupted the company's operations and posed a significant threat to its reputation in the industry.
About RansomHub
RansomHub is a Ransomware-as-a-Service (RaaS) group that emerged in February 2024. Known for its aggressive affiliate model and double extortion tactics, RansomHub encrypts victims' data and exfiltrates sensitive information to increase leverage in ransom demands. The group targets high-value sectors such as healthcare, financial services, and government, exploiting vulnerabilities in unpatched systems and using sophisticated techniques for data exfiltration and encryption.
Penetration and Vulnerabilities
RansomHub likely penetrated John Kellys' systems through a combination of phishing campaigns and the exploitation of unpatched vulnerabilities. The group's affiliates are known for using tools such as Mimikatz and PsExec for lateral movement and privilege escalation. The ransomware employs Curve25519 elliptic-curve encryption, making it difficult to decrypt files without paying the ransom. John Kellys' stated commitment to customer engagement and data protection, as outlined in its privacy policy, underscores the severity of this breach.