RansomHub Ransomware Hits Paraguay's Tape Ruvicha Company
RansomHub Ransomware Group Targets Tape Ruvicha in Paraguay
Tape Ruvicha S.A.E.C.A., a well-established company in Paraguay's manufacturing sector, has fallen victim to a ransomware attack orchestrated by the RansomHub group. The attackers claim to have exfiltrated 12 GB of sensitive data and have threatened to release it publicly within 13 to 14 days.
About Tape Ruvicha
Founded in January 1973 by Don José Pappalardo, Tape Ruvicha has built a strong reputation over nearly 50 years. The company operates primarily as a dealership for major brands such as Ford and New Holland, and it also represents Wega filters and Beckman Coulter products. With multiple locations across Paraguay, including Asunción, Ciudad del Este, Encarnación, Katuete, and Loma Plata in the Chaco region, Tape Ruvicha has an extensive reach within the country.
Tape Ruvicha is classified as a medium-sized enterprise, boasting approximately 8,755 followers on LinkedIn. The company's commitment to quality and customer satisfaction has allowed it to maintain a strong presence in the market, adapting to changing industry demands and building lasting relationships with clients.
Attack Overview
The RansomHub ransomware group has claimed responsibility for the attack on Tape Ruvicha. The group, known for its aggressive affiliate model and double extortion tactics, has exfiltrated 12 GB of sensitive data from the company. The attackers have given Tape Ruvicha a 13- to 14-day window to comply with their demands before the data is released publicly.
About RansomHub
RansomHub emerged as a Ransomware-as-a-Service (RaaS) group in February 2024, quickly gaining notoriety for its speed and efficiency. The group uses a combination of encryption and data exfiltration to maximize pressure on victims. RansomHub's ransomware is optimized to encrypt large datasets quickly and targets multiple platforms, including Windows, Linux, and ESXi.
RansomHub affiliates primarily use phishing campaigns, vulnerability exploitation, and password spraying to gain initial access. The group has also leveraged zero-day vulnerabilities to penetrate systems. Once inside, they conduct multi-phase attacks involving network reconnaissance, privilege escalation, and data exfiltration before encrypting files.
Potential Vulnerabilities
Tape Ruvicha's extensive operations and partnerships with globally recognized brands make it a high-value target for ransomware groups like RansomHub. The company's reliance on critical data and its significant market presence increase the potential impact of such an attack. Vulnerabilities in unpatched systems, weak password policies, and susceptibility to phishing campaigns could have facilitated RansomHub's penetration of Tape Ruvicha's systems.