Ransomware Attack on Advance Press by RansomHouse

Victim Overview

Advance Press, a printing company operating in the Business Services sector, was targeted in a ransomware attack by the group RansomHouse. The company offers a range of printing services, including offset printing, digital printing, and large format printing. They also provide design services and marketing materials such as brochures, business cards, and flyers. With a revenue of $5.6 million and 25 employees, Advance Press is a notable player in the industry.

Ransomware Group Profile

RansomHouse is a unique data extortion group that emerged in late 2021. Unlike traditional ransomware groups, RansomHouse focuses on stealing sensitive data from victims and threatening to publicly release it if a ransom is not paid. The group claims to be a "professional mediators community" and aims to highlight companies that neglect security measures.

Attack Overview

On March 17, 2024, Advance Press fell victim to a ransomware attack that resulted in the encryption of approximately 300GB of data. The attackers posted evidence of the breach on the dark web, attracting significant attention with 8,686 views. While an evidence pack was made downloadable, the full data dump was not released, pending the company's response to the demands.

Company Vulnerabilities

Advance Press's vulnerabilities in being targeted by threat actors may stem from the sensitive nature of the data they handle for their clients, including design files, marketing materials, and potentially confidential information. Additionally, as a printing company that likely stores a large amount of digital data, they may have been susceptible to attacks due to inadequate cybersecurity measures or employee awareness.

Sources:

• Advance Press Website
• RansomHouse Profile
• ThreatDown Article
• Avertium Resource
• SentinelOne Article
• CyberInt Blog