Sobha Ltd. Hit by RansomHub Ransomware, 10GB Data Stolen

Incident Date: Aug 06, 2024

Attack Overview

VICTIM

Sobha Ltd

INDUSTRY

Real Estate

LOCATION

India

ATTACKER

Ransomhub

FIRST REPORTED

August 6, 2024

Request Removal

RansomHub Targets Sobha Ltd. in Ransomware Attack

Sobha Ltd., a prominent real estate development company based in Bangalore, India, has recently fallen victim to a ransomware attack orchestrated by the RansomHub group. The attack has reportedly led to the exfiltration of 10 GB of highly sensitive data, with a ransom deadline set for August 11, 2023.

About Sobha Ltd.

Established in 1995, Sobha Ltd. is renowned for its commitment to quality, transparency, and timely delivery in the construction and real estate sector. The company operates across various Indian cities, including Bangalore, Kerala, Delhi-NCR, Chennai, Coimbatore, Mysore, and Pune. Sobha Ltd. employs approximately 3,791 individuals and reported a revenue of around ₹4,208 crores (approximately $510 million) for the fiscal year ending March 2023.

Sobha Ltd. stands out in the industry due to its philosophy of "passion at work," emphasizing quality craftsmanship and self-reliance in construction. The company has pioneered backward integration, producing many of its own construction materials to maintain high standards in its projects.

Attack Overview

In a regulatory filing, Sobha Ltd. disclosed the ransomware attack, highlighting the swift response from its management team. The company assured stakeholders that there was no significant impact on its operations. The technical team promptly implemented necessary precautions to mitigate the attack's effects and initiated measures to restore and retrieve affected systems. Despite the breach, Sobha Ltd. emphasized that its operations continue to run smoothly.

About RansomHub

RansomHub is a relatively new ransomware group believed to have roots in Russia. Operating as a Ransomware-as-a-Service (RaaS) group, RansomHub's affiliates receive 90% of the ransom money, with the remaining 10% going to the main group. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, without following a specific pattern. RansomHub's ransomware strains are written in Golang, a language choice that may indicate future trends in ransomware development.

Potential Vulnerabilities

Sobha Ltd.'s extensive use of technology in its operations, including advanced construction techniques and a comprehensive Customer Relationship Management (CRM) system, may have made it a target for cybercriminals. The company's reliance on digital systems for project management and customer engagement could have provided entry points for the ransomware attack.

Sources

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

Let's get started

First Name

Last Name

Phone Number

Buying Timeframe

halcyon.ai is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:

I agree to receive other communications from halcyon.ai and acknowledge Halcyon's privacy policy.

You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit below, you consent to allow halcyon.ai to store and process the personal information submitted above to provide you the content requested.

Back

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.