Cyberattack on Hashem Contracting: RansomHub Ransomware Breach

The construction industry in Saudi Arabia has been hit by a significant cyberattack, with the RansomHub ransomware group claiming responsibility for breaching Hashem Contracting.

This incident highlights the growing cybersecurity challenges faced by the nation as it continues to expand its digital infrastructure.

Details of the Breach

According to the post from HackManac, RansomHub, a notorious ransomware group, has announced that it has successfully infiltrated Hashem Contracting, a prominent construction company in Saudi Arabia.

The group alleges that it has exfiltrated 91 GB of sensitive data from the company.

The breach was made public on December 14, 2024, with a ransom deadline set for December 22, 2024.

RansomHub is known for its sophisticated ransomware-as-a-service model, which has targeted various sectors globally, including critical infrastructure and commercial facilities.

Saudi Arabia’s Cybersecurity Landscape

Saudi Arabia is one of the most targeted nations in the Middle East when it comes to cyberattacks, facing over 50 million attacks last year alone.

The country’s rapid digital transformation and investment in smart city initiatives have made it a prime target for cybercriminals.

The government is actively working with cybersecurity firms like Kaspersky to bolster its defenses against such threats.

Kaspersky has identified construction as one of the vulnerable sectors due to insecure employee behavior and is providing services like Industrial Control Systems (ICS) Security Assessment to enhance protection.

RansomHub’s Modus Operandi

RansomHub employs a double-extortion model, encrypting systems and exfiltrating data to pressure victims into paying ransoms.

The group uses various methods to gain initial access, including phishing emails and exploiting known vulnerabilities.

Once inside a network, they employ tools like Nmap for scanning and PowerShell scripts for lateral movement.

Their encryption technique leverages Curve 25519, an elliptic curve encryption algorithm, ensuring that files are encrypted in a manner that complicates decryption without paying the ransom.

Kaspersky’s collaboration with local businesses and government entities aims to develop local cybersecurity talent capable of addressing these challenges.

The introduction of Managed Detection and Response (MDR) services and partnerships with cloud providers are part of the broader strategy to safeguard data sovereignty and privacy.

The breach at Hashem Contracting underscores the urgent need for robust cybersecurity frameworks across industries in Saudi Arabia.

Also Read:

Zero-Day Exploits: Remote Access Vulnerabilities Are Now Hackers’ Top Target

See more