Rhysida Ransomware Strikes Kiemle-Hankins, Disrupting Industrial Services

Incident Date: Jun 15, 2024

Attack Overview

Victim: Kiemle-Hankins
Industry: Manufacturing
Location: USA
Attacker: Rhysida
First reported: June 15, 2024

Rhysida Ransomware Group Targets Kiemle-Hankins in Devastating Cyber Attack

Overview of Kiemle-Hankins

Kiemle-Hankins, headquartered in Perrysburg, Ohio, is a prominent industrial service and repair provider with over 80 years of experience. The company specializes in electrical and mechanical services, offering comprehensive solutions for the maintenance, repair, and optimization of industrial equipment. With five state-of-the-art facilities across Ohio, Michigan, Kentucky, Indiana, and Illinois, Kiemle-Hankins serves a diverse range of industries, including manufacturing, utilities, and commercial sectors. The company generated $22.3 million in revenue recently and employs over 100 skilled technicians and professionals.

Details of the Ransomware Attack

On a recent date, Kiemle-Hankins fell victim to a ransomware attack orchestrated by the Rhysida Ransomware Group. The attackers have claimed responsibility for the breach and are auctioning off exclusive data stolen from the company. The data auction deadline is set for 6 days and 23 hours, with a ransom price of 5 BTC (Bitcoin). The attack has significantly impacted Kiemle-Hankins' operations, threatening the confidentiality and integrity of their critical data.

About the Rhysida Ransomware Group

The Rhysida Ransomware Group emerged in May 2023 and has since targeted various sectors, including education, healthcare, manufacturing, information technology, and government. Rhysida ransomware is written in C++ and primarily targets Windows operating systems. The group employs a double extortion technique, stealing data before encrypting it and threatening to publish it on the dark web unless a ransom is paid. Rhysida uses the ChaCha20 encryption algorithm and generates ransom notes as PDF documents named “CriticalBreachDetected.pdf”.

Penetration and Impact

Rhysida typically gains initial access through phishing campaigns and by leveraging valid credentials. The group establishes network connections via VPN and uses tools like Advanced IP/Port Scanner and Sysinternals PsExec for lateral movement. Its unpredictable activity pattern and sophisticated techniques make it a formidable threat. The attack on Kiemle-Hankins underscores the vulnerabilities in industrial sectors, where the disruption of critical services can have far-reaching consequences.
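
A defender-side triage sketch for the two indicators named above, the ransom note filename and PsExec-based lateral movement, added here as an example and not taken from Halcyon or any vendor tooling. The simplified event layout, host names and the 24-hour correlation window are assumptions, PSEXESVC is PsExec's default service name rather than something stated on this page, and the sample events are constructed.

```python
import ntpath
from collections import defaultdict
from datetime import datetime, timedelta

NOTE_NAME = "criticalbreachdetected.pdf"   # ransom note name given on this page
WINDOW = timedelta(hours=24)               # assumed correlation window

# Constructed sample events, simplified from Sysmon EID 11 (FileCreate)
# and System EID 7045 (service installed). Hosts and paths are made up.
SAMPLE_EVENTS = [
    {"ts": "2024-01-10T22:01:10", "host": "FS01", "eid": 7045,
     "ServiceName": "PSEXESVC", "ImagePath": r"%SystemRoot%\PSEXESVC.exe"},
    {"ts": "2024-01-10T22:09:42", "host": "FS01", "eid": 11,
     "TargetFilename": r"D:\Shares\Finance\CriticalBreachDetected.pdf"},
    {"ts": "2024-01-10T22:09:43", "host": "FS01", "eid": 11,
     "TargetFilename": r"D:\Shares\HR\criticalbreachdetected.PDF"},
    {"ts": "2024-01-10T09:15:00", "host": "WS17", "eid": 7045,
     "ServiceName": "PSEXESVC", "ImagePath": r"%SystemRoot%\PSEXESVC.exe"},
    {"ts": "2024-01-10T10:00:00", "host": "WS22", "eid": 11,
     "TargetFilename": r"C:\Users\a\Downloads\report.pdf"},
]

def triage(events):
    """Return {host: severity} from ransom-note and PsExec service events."""
    notes, psexec = defaultdict(list), defaultdict(list)
    for ev in events:
        ts = datetime.fromisoformat(ev["ts"])
        if ev["eid"] == 11:
            # Match on the file name only, case-insensitively, in any directory.
            if ntpath.basename(ev["TargetFilename"]).lower() == NOTE_NAME:
                notes[ev["host"]].append(ts)
        elif ev["eid"] == 7045:
            # Default PsExec service name; a renamed service (-r) evades this.
            image = ntpath.basename(ev.get("ImagePath", "")).lower()
            if (ev.get("ServiceName", "").upper().startswith("PSEXESVC")
                    or image == "psexesvc.exe"):
                psexec[ev["host"]].append(ts)
    verdict = {}
    for host in set(notes) | set(psexec):
        # PsExec alone is often admin activity; a note is always critical.
        chained = any(timedelta(0) <= n - p <= WINDOW
                      for n in notes[host] for p in psexec[host])
        if chained:
            verdict[host] = "critical: PsExec service followed by ransom note"
        elif notes[host]:
            verdict[host] = "critical: ransom note written"
        else:
            verdict[host] = "review: PsExec service installed"
    return verdict
```

The ransom note appears only after encryption has begun, so the note rule confirms impact, while the PsExec rule is the earlier signal and needs baselining against legitimate administrative use.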
