Ransomware Attack on Kamo Jou Trading and Projects: A Cybersecurity Incident Analysis
Ransomware Attack on Kamo Jou Trading and Projects
Victim Profile
Kamo Jou Trading and Projects is a South African company established in 2012. They specialize in trading, procurement, and supply across various markets such as Logistics, Mining, Construction, Automotive, Energy, and Agriculture. The company is 100% black youth and female owned, with a focus on excellence and strong partnerships with leading stakeholders and suppliers. They operate in the North West and Limpopo Mine catchment area with offices in Mokopane, Polokwane, and Rustenburg. Kamo Jou Trading emphasizes values beyond business, aiming to make a positive impact on society, the environment, and the economy through community projects and ethical operations.
Company Size and Industry Standing
Kamo Jou Trading is known for its expertise in developing bespoke solutions, RFQ management, and operational excellence. They prioritize forward-thinking, operational efficiency, and understanding the socio-cultural environment in the areas they operate in. The company focuses on B2B marketing strategies, asset rightness, and adding value to customers across the supply chain process. Kamo Jou Trading boasts a proven track record, trusted reputation, long-standing relationships with suppliers and customers, and effective risk management practices.
Vulnerabilities and Attack Details
Kamo Jou Trading and Projects fell victim to a cybercrime attack by the ransomware group RansomHub. The attack involved ransomware, resulting in the exfiltration of 2 GB of data, the type of which remains undisclosed. Despite the attack, no leaked data was identified. The ransom deadline was set for May 16, 2024.
Ransomware Group - RansomHub
RansomHub is a global ransomware group that emerged in February 2024. They have targeted various entities, including Kamo Jou Trading and Projects. The group distinguishes itself by substantiating claims with data leaks and operates as a Ransomware-as-a-Service (RaaS) group. RansomHub collaborates with affiliates, offering them a significant portion of the ransom proceeds. Victims of RansomHub's attacks span various countries and sectors, with healthcare institutions being prominent targets.
Potential Penetration
It is unclear how RansomHub penetrated Kamo Jou Trading and Projects' systems. However, the company's involvement in multiple sectors and its emphasis on operational excellence and strong partnerships may have made it an attractive target for threat actors. Additionally, the company's focus on community projects and ethical operations could have inadvertently exposed vulnerabilities that were exploited by the ransomware group.
Sources:
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!