In September 2023, RS Logistics Ltd, a Hong Kong-based logistics company founded in 2003, fell victim to a NoEscape ransomware attack. The cybercriminals, operating under a Ransomware-as-a-Service (RaaS) model (linked to the defunct Avaddon group), encrypted the company’s critical data and exfiltrated over 4,000 email documents. The attackers threatened to publish the stolen data unless the company initiated contact, leveraging a TOR-based multi-extortion platform to pressure the victim. The incident was publicly disclosed on September 2, 2023, when RS Logistics appeared on NoEscape’s data leak site.The attack employed advanced evasion techniques, including disabling security features and establishing persistence within the compromised systems. While the full scope of the stolen data remains undisclosed, the breach poses risks of sensitive information exposure (e.g., internal communications, operational details, or third-party data) and operational disruption due to encrypted systems. The company’s failure to respond could lead to public data leaks, reputational damage, and potential financial losses from ransom demands or recovery efforts. NoEscape’s targeting strategy focusing on U.S.-aligned industries while avoiding CIS countries highlights the group’s calculated approach to maximizing impact and profitability.
Source: https://www.redpacketsecurity.com/noescape-ransomware-victim-rs-logistics-ltd/
TPRM report: https://www.rankiteo.com/company/rs-logistics-limited
"id": "rs-527092125",
"linkid": "rs-logistics-limited",
"type": "Ransomware",
"date": "6/2003",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'logistics',
'location': 'Hong Kong',
'name': 'RS Logistics Ltd',
'type': 'private company'}],
'data_breach': {'data_encryption': True,
'data_exfiltration': True,
'file_types_exposed': ['email documents'],
'number_of_records_exposed': '4,000+',
'sensitivity_of_data': 'sensitive (potential exposure)',
'type_of_data_compromised': ['email documents']},
'date_detected': '2023-09-02',
'date_publicly_disclosed': '2023-09-02',
'description': 'In September 2023, RS Logistics Ltd, a logistics company '
'based in Hong Kong, was targeted by the NoEscape ransomware '
"group. The attackers encrypted the company's data and stole "
'over 4,000 email documents, threatening to publish the data '
'unless contacted by the company. The attack resulted in '
'potential exposure of sensitive data and operational '
'disruption for RS Logistics.',
'impact': {'brand_reputation_impact': 'potential damage due to data exposure',
'data_compromised': ['4,000+ email documents'],
'operational_impact': 'disruption'},
'investigation_status': 'reported (ongoing or unresolved)',
'motivation': ['financial gain', 'data extortion'],
'ransomware': {'data_encryption': True,
'data_exfiltration': True,
'ransomware_strain': 'NoEscape (suspected rebrand of Avaddon)'},
'references': [{'source': 'Cybersecurity report on NoEscape ransomware '
'attack'}],
'threat_actor': 'NoEscape ransomware group (RaaS, suspected rebrand of '
'Avaddon)',
'title': 'NoEscape Ransomware Attack on RS Logistics Ltd',
'type': ['ransomware', 'data breach', 'multi-extortion']}