The RansomHouse group allegedly added Lopesan Hotels to the list of victims on its extortion site, claiming that they had obtained 650GB of data regarding the hotel revenue ($382.4M) and details about 408 employees.
The group claims to have encrypted the data on March 22 2024 while stating that the company is not interested in the confidential data being leaked on the internet.
The Lopesan Hotel Group is a family-owned group that began its activities in 1972 as group that takes on public construction projects. The hotel chain later scaled to become a multinational company, operating from its headquarters in the Gran Canaria islands.
RansomHouse Group Shares Details on the Lopesan Hotels Cyberattack
The Cyber Express has reached out to the hotel group to learn more about this Lopesan Hotels cyberattack. However, at the time of writing this, no official statement or response has been received, leaving the claims for this intrusion stand unverified right now.
However, the hacker group alleges that along with the claims of the cyberattack, the group added that the hotel chain is failing to resolve the cyberattack situation, stating, “Dear Lopesan Hotel Group, We are sure that you are not interested in your confidential data to be leaked or sold to a third party. We highly advise you to start resolving that situation.”
Moreover, RansomHouse shared a link to the downloadable data that doesn’t require any password, making the data available to all the users on the data leak site.
RansomHouse Group is Known to Target High-Value Targets
The ransomware gang that claimed this attack began as a ransomware-as-a-service operation that emerged in late 2021 with active attacks against the networks of large enterprises and high-value targets. RansomHouse initially began targeting Italy, but later began targeting countries such as the United States and Spain.
The group primarily tends to target the industrial and technology sectors and set up a victim extortion page on May 2022.
In the words of RansomHouse representatives, the group claims to not encrypt data and that they are ‘extortion only,’ claiming itself as a ‘force for good’ that intends ‘shine a light’ on companies with poor security practices. The group has been observed accepting only Bitcoin payments.
The group’s operations tend to be smaller and more sophisticated than some of the bigger contemporary ransomware groups. They are known to recruit members on prominent underground marketplaces and utilize a Tor-based chat room for ransom negotiations.
Since the group tends to conduct extortion only attacks, their techniques tend to be stealthier and quicker as no encryption process occurs and typical ransomware detection triggers are avoided.
RansomHouse Group Was Responsible for Massive Data Breaches
The RansomHouse group recently developed a new tool dubbed as ‘MrAgent’ that targets VMware ESXi hypervisors typically known to house valuable data. The group targeted several large-sized organizations through the last year.
Their campaigns include attacks such as the theft of 450 GB of data from the semi-conductor giant AMD, an attack disrupting the healthcare services of the Hospital Clínic de Barcelona in Spain, and an an attack on Shoprite, Africa’s largest supermarket chain
The sophistication of the RansomHouse group’s campaigns and scale of their attacks demand heightened vigilance and proactive defense strategies to safeguard against similar breaches, despite their claims to be a positive force.
As for the Lopesan Hotels cyberattack, this is an ongoing story. The Cyber Express will be monitoring the situation and we’ll update this post once we have more information on this alleged attack or any official confirmation from Lopesan Hotels.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
