RansomHub Ransomware Hits Mexican Airport Operator OMA

Incident Date: Oct 24, 2024

Attack Overview

VICTIM

Grupo Aeroportuario del Centro Norte (OMA)

INDUSTRY

Transportation

LOCATION

Mexico

ATTACKER

Ransomhub

FIRST REPORTED

October 24, 2024

Request Removal

RansomHub Ransomware Attack on Grupo Aeroportuario del Centro Norte

Grupo Aeroportuario del Centro Norte (OMA), a key player in Mexico's transportation sector, has fallen victim to a ransomware attack by the notorious RansomHub group. This incident highlights the vulnerabilities faced by organizations in the aviation industry, particularly those with significant data assets and operational dependencies.

About Grupo Aeroportuario del Centro Norte

OMA is a prominent airport management company in Mexico, overseeing the operation and development of 13 international airports. With approximately 1,000 employees and annual revenues of around $2.5 billion USD, OMA plays a crucial role in enhancing air connectivity across northern and central Mexico. The company is known for its strategic focus on improving passenger experience and operational efficiency, making it a significant contributor to the regional and national economy.

Attack Overview

The RansomHub ransomware group claims to have infiltrated OMA's systems, exfiltrating 3 TB of sensitive data. The stolen data reportedly includes critical investment reports, financial documents, sales and accounting data, and shareholder information. Additionally, personal information of investors, client lists, and sensitive employee and customer data have been compromised. The attackers have set a ransom deadline of November 2, threatening to release the data if their demands are not met.

RansomHub's Distinctive Approach

RansomHub, a Ransomware-as-a-Service (RaaS) group, emerged in February 2024 and quickly established itself through an aggressive affiliate model. Known for its speed and efficiency, RansomHub employs double extortion tactics, combining data encryption with exfiltration to increase pressure on victims. The group targets high-value sectors, leveraging vulnerabilities in unpatched systems and using sophisticated techniques for lateral movement and data exfiltration.

Potential Vulnerabilities

OMA's extensive data assets and critical role in Mexico's transportation infrastructure make it an attractive target for ransomware groups like RansomHub. The company's reliance on digital systems for managing airport operations and passenger services presents potential entry points for cybercriminals. The attack underscores the importance of cybersecurity measures to protect sensitive data and maintain operational integrity.

Sources

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

Let's get started

First Name

Last Name

Phone Number

Buying Timeframe

halcyon.ai is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:

I agree to receive other communications from halcyon.ai and acknowledge Halcyon's privacy policy.

You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit below, you consent to allow halcyon.ai to store and process the personal information submitted above to provide you the content requested.

Back

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.