RansomHouse group has allegedly breached IPCA Laboratories
| Category | Industry | Country | Source* |
|---|---|---|---|
| Adversary Intelligence | Healthcare and Pharma | Asia & Pacific | C2 |
- On 3 September 2022, the RansomHouse group published a post on its PR (leak) site advertising the data of IPCA Laboratories. IPCA Laboratories is an Indian pharmaceutical multinational headquartered in Mumbai and founded in 1949.
- A total of 0.5 TB of data was exfiltrated, and the victim's status is tagged as 'encrypted'.
- A sample was provided to substantiate the group's claims; it contained sensitive information such as employee PII, client folders, audit documents, and doctor profiles.
- Another file, titled 'IT Services details', was found to have been created on 01/29/2020 by Rajesh Nawale and last modified on 30 August 2022, indicating the likely infiltration date.
- RansomHouse was first observed in early June 2022 and has targeted approximately 10 victims so far.
- When the group first appeared in May, it claimed to be a mediator with no responsibility for attacking any entity, describing itself merely as an extortion marketplace.
- Discussions have also emerged hinting that RansomHouse is possibly a rebranding of Hive, because the two groups' user interfaces are identical.
- One of the possible techniques for gaining an initial foothold in an organization, as claimed by the group itself, is compromising weak passwords.
| Threat Actor Profiling | |
|---|---|
| Active since | May 2022 |
| Reputation | High, given that there are no complaints of the group being scammers. |
| History | Emerged as an extortion marketplace. |
| Rating | C2 (C: Fairly reliable; 2: Probably true.) |