Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Exclusive: Melbourne-based Regent Caravans confirms RansomHub attack

The luxury caravan maker has suffered a data breach following a 4 August attack by a highly aggressive ransomware gang.

user icon David Hollingworth
Wed, 21 Aug 2024
Exclusive: Melbourne-based Regent Caravans confirms RansomHub attack
expand image

Regent Caravans, a luxury caravan maker and dealer headquartered in Melbourne’s northern suburbs, has confirmed it was the victim of a cyber attack carried out by the RansomHub ransomware gang.

RansomHub listed Regent Caravans as a victim on its darknet leak site on 17 August, claiming to have stolen 30 gigabytes of data. That data was then shared overnight on 20 August and included a large amount of CAD files for the company’s caravans, ordering details, and a folder full of ID card photos of the company’s employees.

Regent Caravans CEO Andrew Crank told Cyber Daily that the attack occurred on 4 August and was detected on 5 August.

============
============

“Regent Caravans immediately disconnected its server to remove the threat and appointed an external IT consultancy to analyse what had happened and take steps to fortify the server from any future attacks,” Crank said in a statement to Cyber Daily.

“All of the company’s back-ups were confirmed to be intact, including data [that] was stored and backed up in the cloud.

“The IT consultancy, however, discovered that a number of files on the company server had been encrypted. A note from RansomHub and link to communicate with them were also found. Regent Caravans ignored the link and did not engage with the cyber criminals,” Crank added before detailing the nature of the data impacted by the breach.

“It has been subsequently confirmed, via a leak site, that the files obtained by RansomHub contained mainly HR and staff-related information, such as staff ID cards, and some financial data.”

Crank said that staff and customers have been notified and that the incident has been reported to the Australian Signals Directorate and the Australian Cyber Security Centre.

“At this stage, none of Regent Caravans’ business operations have been adversely affected by the breach,” Crank said.

Regent Caravans has dealerships across Australia and employs approximately 200 staff.

This incident marks the fifth such attack on Australian companies by the RansomHub operation, alongside two attacks on New Zealand firms. It would appear that none of the companies cooperated with the cyber criminals, as RansomHub has now posted more than four terabytes of data from its ANZ victims to its darknet leak site.

The gang has claimed 44 victims globally in August alone.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.