Rosalvo Automóveis: Targeted by Qiulong Ransomware Group

Incident Date: Apr 25, 2024

Attack Overview

VICTIM

Rosalvo Automovei

INDUSTRY

Business Services

LOCATION

Brazil

ATTACKER

Qiulong

FIRST REPORTED

April 25, 2024

Request Removal

Ransomware Attack on Rosalvo Automóveis by Qiulong Group

Overview of the Incident

In April 2024, Rosalvo Automóveis, a prominent used car dealership in Brazil, fell victim to a ransomware attack orchestrated by the notorious Qiulong ransomware group. The cybercriminals encrypted critical data across the company's operational spectrum, demanding a ransom of 30 BTC for the decryption keys.

Victim Profile: Rosalvo Automóveis

Founded in 1988, Rosalvo Automóveis has been a key player in the Brazilian used car market. The company specializes in buying and selling used vehicles, offering consignment sales, and providing post-sale services and negotiation consulting. Their innovative approach to the used car market has set them apart in the industry.

The company's website, which serves as a critical component of their business operations for showcasing inventory and interacting with customers, was the primary target of the attack.

Details of the Attack

The Qiulong group leveraged exposed RDP servers and vulnerabilities in FortiOS to gain initial access to Rosalvo Automóveis' network. Subsequent deployment of ransomware encrypted various types of sensitive data including personal data of clients and employees, financial records, and contractual agreements.

Qiulong Ransomware Group Profile

Qiulong is a well-known entity in the cybercrime world, particularly targeting organizations within Latin America. Their sophisticated tactics mirror those of major ransomware families like Hive and Nokayawa, utilizing advanced methods for network infiltration and data encryption.

Vulnerabilities and Industry Impact

Rosalvo Automóveis' reliance on digital platforms for business operations, coupled with insufficient cybersecurity measures against advanced ransomware tactics, made them a prime target for Qiulong. The attack not only disrupted their business operations but also posed significant reputational risks, highlighting the critical need for enhanced cybersecurity practices in the automotive sales industry.

Sources

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

Let's get started

First Name

Last Name

Phone Number

Buying Timeframe

halcyon.ai is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:

I agree to receive other communications from halcyon.ai and acknowledge Halcyon's privacy policy.

You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit below, you consent to allow halcyon.ai to store and process the personal information submitted above to provide you the content requested.

Back

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.