Ransomware Attack on ORIUX: A Cybersecurity Threat
Ransomware Attack on ORIUX by RansomHub
Victim Overview
ORIUX, a leading provider of Intelligent Transportation Systems (ITS) and Traffic Management solutions, was targeted in a ransomware attack by the cybercrime group RansomHub in May 2024. The company operates in the Transportation sector and has a presence in over 250 cities worldwide, with more than 50,000 traffic intersections deployed. ORIUX is known for its innovative technology solutions focused on creating safer and more efficient traffic mobility.
Attack Details
The attackers exfiltrated 300 GB of sensitive data from ORIUX, including accounting records, HR information, financial reports, client data, and contracts. A sample of this data has been leaked on the dark web. Details about the ransom demand have not been disclosed. The incident highlights the ongoing threat of ransomware attacks on organizations.
Ransomware Group: RansomHub
RansomHub is a new ransomware group that has distinguished itself by making claims and backing them up with data leaks. It runs a Ransomware-as-a-Service (RaaS) operation, with affiliates receiving 90% of the ransom money. RansomHub has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, with healthcare-related institutions among the victims.
How the Attack Happened
The group's ransomware strains are written in Golang, a relatively new trend in the ransomware world that may indicate where future ransomware development is heading. The use of AI technology has also impacted ransomware, making attacks more effective and increasing their volume. ORIUX may have been compromised through social engineering tactics, phishing emails, unpatched software vulnerabilities, or a combination of these.