Ransomware Attack on BTS Biogas by Hunters International

BTS Biogas, a leading company in the renewable energy sector, has recently fallen victim to a ransomware attack orchestrated by the Hunters International group. The attack has resulted in the exfiltration of 82.1 GB of sensitive data, including personally identifiable information (PII), financial data, and customer information.

About BTS Biogas

Established in 1996, BTS Biogas specializes in the design, construction, and management of biogas and biomethane plants. With over 25 years of experience, the company operates internationally, providing tailored solutions that convert organic waste into renewable energy. Their operations are anchored in sustainability and the circular economy, focusing on anaerobic digestion to produce high-quality biogas from agricultural by-products, food waste, and wastewater.

BTS Biogas employs over 100 individuals and has a significant presence in Italy, France, the UK, and the US. The company is known for its innovative approach, exemplified by METANlab, Italy's first laboratory dedicated to biogas research. This commitment to innovation and sustainability has positioned BTS Biogas as a key player in the renewable energy market.

Attack Overview

The ransomware attack on BTS Biogas was claimed by Hunters International via their dark web leak site. The attackers reportedly infiltrated the company's systems and exfiltrated a substantial amount of data. The breach has exposed 69,003 files, including sensitive PII, financial data, and customer information. This incident underscores the vulnerabilities that even well-established companies in the renewable energy sector face from sophisticated cyber threats.

About Hunters International

Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, following the disruption of the Hive ransomware group. The group exhibits significant technical overlap with Hive, suggesting an evolution or offshoot of the dismantled operation. Their ransomware code contains approximately 60% overlap with Hive ransomware version 61, indicating a shared technical lineage.

Hunters International focuses on exfiltrating target data and extorting victims with ransom demands. The group has targeted victims across various regions, including the US, UK, Germany, and Namibia. Investigations have revealed potential ties to Nigeria, although the group uses fake identities and methods to conceal their true origins.

Penetration and Impact

The exact method of penetration used by Hunters International in the BTS Biogas attack remains unclear. However, given the group's technical sophistication and operational strategies, it is likely that they exploited vulnerabilities in the company's cybersecurity infrastructure. The attack has resulted in significant data breaches, financial losses, and potential reputational damage to BTS Biogas.

• BTS Biogas Official Website
• BTS Biogas - Who We Are
• BTS Biogas - Company Profile
• SOCRadar - Dark Web Profile: Hunters International
• Global Security Mag - Hive Ransomware's Offspring: Hunters International Takes the Stage