RansomHub Cyberattack Strikes PSG BANATSKI DVOR Gas Provider


The RansomHub group has claimed a cyberattack on PSG BANATSKI DVOR D.O.O., a gas storage services provider based in Serbia. The claim was posted on May 28, 2024, and revealed sensitive data about the organization, threatening the security of critical infrastructure and the integrity of sensitive data.

According to the threat actor's post, RansomHub exfiltrated a substantial amount of data totaling 80 GB. Among the stolen information are critical files encompassing IT, Accounting, Finance, Projects, Client database (in SQL format), Budgets, Taxes, Logistics and supply chain management, Production data, HR, Legal data, KPI, and R&D documents.

Additionally, the threat actors have allegedly disabled the SCADA (Supervisory Control and Data Acquisition) systems, further exacerbating the operational impact of the attack.

RansomHub Cyberattack Allegedly Targets PSG BANATSKI DVOR

Source: Dark Web

The cybercriminals have set a deadline of 5 days for the potential leak of the stolen data, adding urgency to the situation. The implications of such a breach extend beyond PSG BANATSKI DVOR, affecting not only the company but also its clients and stakeholders.

The Cyber Express has reached out to the Serbian gas service provider to learn more about the authenticity of this alleged PSG BANATSKI DVOR cyberattack. However, at the time of writing, no official statement or response has been received, leaving the claims for this RansomHub cyberattack unconfirmed.

Moreover, the PSG BANATSKI DVOR website is currently nonfunctional and is displaying a “took too long to respond” error. This error, often associated with cyberattacks, suggests disruptions in the normal functioning of the website, possibly due to overwhelming server loads or exploitation of vulnerabilities in the site’s infrastructure.

Threat Actor Blames Employee for the PSG BANATSKI DVOR Cyberattack

Apart from claiming a cyberattack on PSG BANATSKI DVOR, the threat actor is demanding cooperation and threatening to leak the stolen data otherwise.

“We have all the important files, such as: IT, Accounting, Finance, Projects, Client database (in SQL format) Budgets, Taxes, Logistics and supply chain management, Production data, HR, Legal data, KPI, R&D. Over 80 GB of sensational information has been downloaded”, says the hacker. 

Additionally, the group blames an employee named Dejan Belić for the breach. The threat actors have previously targeted similar victims and share similarities with traditional Russian ransomware groups while refraining from targeting certain countries and non-profits.

Their victims span various countries, including the US and Brazil, with healthcare institutions being particularly targeted. While major corporations haven’t been hit yet, the breadth of targeted sectors is concerning. 
