RansomHub Strikes Bitz Softwares: Major Data Breach and Ransom Threats
RansomHub Ransomware Attack on Bitz Softwares
Overview of Bitz Softwares
Bitz Softwares is a Brazilian company based in Pato Branco, Parana, specializing in the development and provision of software solutions tailored to meet the needs of various industries. The company focuses on creating innovative, efficient, and user-friendly software products that help businesses streamline their operations, improve productivity, and enhance overall performance. Their offerings include enterprise resource planning (ERP) systems, customer relationship management (CRM) software, and other specialized applications designed to integrate seamlessly with existing systems.
With a workforce of between 51 and 200 employees, Bitz Softwares also provides custom software development services, working closely with clients to develop bespoke solutions that address specific challenges. The company places a strong emphasis on customer support, offering ongoing maintenance and support services to ensure optimal software performance.
Details of the Ransomware Attack
Bitz Softwares recently fell victim to a ransomware attack orchestrated by the RansomHub group. The attackers claimed to have stolen confidential data and crashed the company's network. They threatened to leak all the obtained files, databases, and credentials, which include sensitive information from customers and employees, unless contacted for negotiation. Additionally, RansomHub reported acquiring a substantial database of over 320,000 credit cards from more than 3,500 hotels, along with all associated customer information. They warned that if their demands were not met, they would leak half of the credit card data and sell the remaining information.
About RansomHub
RansomHub is a new ransomware group that has recently emerged in the cyber threat landscape, distinguishing itself by making claims and backing them up with data leaks. The group is believed to have roots in Russia, with operations resembling a traditional Russian ransomware setup. RansomHub operates as a Ransomware-as-a-Service (RaaS) group, with affiliates receiving 90% of the ransom money and the remaining 10% going to the main group.
The group has targeted various countries without following a specific pattern, including the US, Brazil, Indonesia, and Vietnam. Healthcare-related institutions are among the listed victims, with Change Healthcare being a notable target. RansomHub's ransomware strains are written in Golang, a relatively recent choice among ransomware developers that may indicate where ransomware development is heading.
Potential Vulnerabilities and Penetration Methods
While specific details on how RansomHub penetrated Bitz Softwares' systems are not publicly available, common vulnerabilities that ransomware groups exploit include weak or compromised passwords, unpatched software vulnerabilities, and phishing attacks. Given Bitz Softwares' focus on integrating their solutions with existing systems, any weaknesses in these integrations could have been exploited by the attackers. Additionally, the use of Golang by RansomHub suggests a sophisticated approach that may have bypassed traditional security measures.