Green Resource Targeted by GENESIS Ransomware Operation
Green Resource has fallen victim to the GENESIS ransomware group, which claims to have exfiltrated 400 GB of sensitive corporate data, including financial and supply-chain records.

Green Resource has fallen victim to the GENESIS ransomware group, which claims to have exfiltrated 400 GB of sensitive corporate data, including financial and supply-chain records.

The recent security breach involving Green Resource has brought renewed attention to the tactics employed by the GENESIS ransomware group. According to reports, the threat actors claim to have compromised approximately 400 GB of internal data from the organization. This incident highlights the growing risk faced by companies in the wholesale and supply-chain sectors, where data integrity is paramount.

The stolen data reportedly includes sensitive information such as project documentation, sales databases, accounting records, supply-chain documentation, and internal network user folders. Furthermore, the threat actors stated that confidential contracts and Non-Disclosure Agreements (NDAs) are among the compromised assets. The group has indicated an intention to publish this information publicly within a short timeframe, underscoring the urgency for the affected entity to assess its risk exposure.
At FemtoSec, we emphasize that reactive security measures are no longer sufficient to stop modern ransomware groups. Organizations must adopt a Vulnerability Assessments framework to identify and patch the specific entry points these groups exploit. Whether through weak authentication, unpatched software, or misconfigured cloud buckets, attackers are consistently searching for the path of least resistance.
Beyond initial entry, the ability of attackers to move laterally and exfiltrate large volumes of data indicates a failure in internal segmentation and monitoring. Utilizing advanced Attack Surface Management is essential for enterprises to gain visibility into their infrastructure and understand how external actors view their perimeter before a breach occurs.
GENESIS, like many other ransomware operators, utilizes double-extortion tactics. They not only encrypt the victim's data but also threaten the public release of sensitive corporate files to force payment. In the context of wholesale and agricultural industries, the exposure of supply-chain contracts can lead to long-term reputational damage and legal complications that extend far beyond the immediate financial impact of the ransom.
The scale of data involved—400 GB—suggests a significant compromise of file servers. This type of incident is often preceded by reconnaissance activities that go undetected for weeks or months. Ensuring that your organization is not a target requires a deep understanding of your own environment and a rigorous approach to security hygiene.
Resilience in the current threat landscape requires more than just standard software updates. It requires a fundamental shift toward an offensive security mindset. Organizations should simulate real-world attacks to identify if their detection and response capabilities are truly up to the task of stopping an active adversary. By mapping out potential attack paths, management can better prioritize where to invest security budget and operational resources.
Furthermore, as ransomware groups continue to evolve their methods, the need for continuous, automated validation has become the new industry standard. We help organizations across the GCC region secure their infrastructure by identifying weaknesses before they can be leveraged by external threat actors. Taking the initiative now, rather than waiting for an incident, is the only way to ensure continuity in a volatile environment.
If your team may be exposed to a similar threat, FemtoSec can help validate blast radius, prioritize remediation, and connect the issue to a practical security program.
The Redact ransomware group, an extortion-only offshoot linked to UNC6671, has targeted FCCI Insurance Group, stealing 145 GB of corporate data. The group bypassed multi-factor authentication by utilizing advanced voice phishing (vishing) and session hijacking to execute automated cloud-to-cloud data extraction.

ANUBIS ransomware has targeted Quest Health Solutions, exfiltrating 239 GB of sensitive operational data. Operating under a dual-threat encryption and wiping model, this Go-based malware poses severe risks to healthcare infrastructure. Explore the technical attack chain, SIEM detection rules, and containment steps.

An investigation into the Aur0ra ransomware incident affecting ALS Global. We break down the risks associated with the exfiltrated administrative and financial data.
Onion URL
http://genesis6ixpb5mcy4kudybtw5op2wqlrkocfogbnenz3c647ibqixiad.onion/dbc7eb0c136da6d5eff7