Ransomware Attack on City of Neodesha by RansomHub

Victim Overview

The City of Neodesha, located in southeast Kansas, is a thriving community known for its blend of big industry and small-town charm. The city serves as a major manufacturing hub and employment center, with a population of over 2,200 residents and a daily influx of 2,600 more as part of the local workforce.

Company Profile

The organization operates within the city and is registered as "City of Neodesha." Their size is described as having 11-50 employees, but specific revenue details are not provided. Neodesha is recognized for its commitment to innovation, with a strong history rooted in American manufacturing and industry. The city's strategic location where US Highways 75 and 400 meet contributes to its status as a major manufacturing hub.

Attack Details

The cybercrime group RansomHub targeted the City of Neodesha using ransomware as their attack method. The victim's website was compromised, and approximately 35 GB of data was stolen. The attack poses significant concerns for the city's privacy and security.

Ransomware Group Profile

RansomHub is a new ransomware group that distinguishes itself by making claims and backing them up with data leaks. The group operates as a Ransomware-as-a-Service (RaaS) group, with roots believed to be in Russia. RansomHub targets various countries and industries, including healthcare-related institutions.

Penetration Method

The group's ransomware strains are written in Golang, a relatively new trend in the ransomware world. The use of AI technology has made ransomware attacks more effective, increasing their volume. The group may have penetrated the City of Neodesha's systems through vulnerabilities in their cybersecurity defenses.

Sources:

• neodesha.org
• socradar.io
• blog.barracuda.com