Ransomware Attack on Sonol by Handala Group: In-Depth Analysis and Impact

Incident Date: Jul 11, 2024

Attack Overview

Victim: Sonol
Industry: Energy, Utilities & Waste
Location: Israel
Attacker: Handala
First Reported: July 11, 2024

Ransomware Attack on Sonol by Handala Group: A Detailed Analysis

Overview of Sonol

Sonol Israel Ltd., established in 1917, is a major player in Israel's energy sector, operating approximately 240 gas stations and 180 convenience stores branded as "So Good." The company, acquired by the Azrieli Group in 2006, employs around 2,200 staff members. Sonol has diversified its services to include electric vehicle charging stations, reflecting a commitment to sustainable energy solutions. The company is also known for its philanthropic efforts, supporting medical research and children with chronic illnesses.

Details of the Ransomware Attack

The ransomware group Handala has claimed responsibility for a recent cyberattack on Sonol. The attack resulted in a significant data breach, with 54 GB of data dumped online. Handala justified its actions by citing geopolitical motives, specifically the plight of its people, and claimed to have previously warned all fuel stations via SMS. As part of its rationale, the group also pointed to a 21% increase in fuel consumption in October of the previous year.

About Handala Group

Handala is a cybercriminal organization known for its pro-Palestinian agenda and history of targeting Israeli institutions. The group has been involved in various high-profile cyberattacks, including breaches of radar systems and the Iron Dome missile defense systems. Handala employs sophisticated tactics such as phishing campaigns and multi-stage malware loading processes to compromise their targets.

Potential Vulnerabilities

Sonol's extensive operations and significant market presence make it a lucrative target for cybercriminals. The company's role in critical infrastructure, such as fuel distribution and electric vehicle charging, raises the potential impact of any compromise. The attack on Sonol underscores the importance of robust cybersecurity measures, especially for companies operating in sectors critical to national infrastructure.

Penetration Tactics

The initial access vector has not been confirmed. Based on the group's known tactics, Handala likely penetrated Sonol's systems through sophisticated phishing campaigns, which may have included emails written in Hebrew to deliver malware. The group's use of multi-stage loading processes involving obfuscated scripts and shellcode could have bypassed traditional security measures, leading to the successful breach and subsequent data dump.
