Aerotech Solutions Hit by Meow Ransomware: $50K Ransom Demanded
Incident Date: August 13, 2024
Overview
Victim: Aerotech Solutions
Attacker: Meow
Location:
First Reported: August 13, 2024
Ransomware Attack on Aerotech Solutions by Meow Ransomware Group
Aerotech Solutions, a Richmond, California-based company specializing in the distribution of industrial hardware and electronic components, has recently fallen victim to a ransomware attack orchestrated by the notorious Meow Ransomware group. The attackers are demanding a ransom of $50,000 for the release of over 20 GB of confidential data, which includes sensitive information such as employee data, client information, document scans, engineering drawings, and financial records.
About Aerotech Solutions
Founded in 2001, Aerotech Solutions has established itself as a trusted partner in the Defense, Aerospace, Industrial, Telecommunications, and Commercial sectors. The company is renowned for its reliable customer support and strong, trust-based relationships with its clients. Aerotech Solutions prides itself on its commitment to quality, sourcing products only from approved manufacturers to meet stringent aerospace standards. The company leverages its extensive industry knowledge and an advanced enterprise resource planning (ERP) system to efficiently manage customer requirements.
Attack Overview
The ransomware attack on Aerotech Solutions has resulted in the compromise of over 20 GB of sensitive data. The attackers are marketing this stolen data to potential buyers, highlighting its value to industry professionals, market analysts, and other stakeholders. The headquarters of Aerotech Solutions is located at 2250 Central Street, Building C, Richmond, CA, and the company offers various services through its website, including inventory checks and product solutions.
About Meow Ransomware Group
Meow Ransomware is a ransomware group that emerged in late 2022, with a resurgence in activity in 2023. They are associated with the Conti v2 ransomware variant and have been active in targeting victims, primarily in the United States. The group employs various infection methods, including phishing emails, exploit kits, Remote Desktop Protocol (RDP) vulnerabilities, and malvertising. Once a system is compromised, the ransomware encrypts files using a combination of the ChaCha20 and RSA-4096 algorithms.
Penetration and Distinguishing Features
Meow Ransomware distinguishes itself by frequently targeting industries with sensitive data, such as Healthcare and Medical Research. They have been known to post victim data on their leak site if the ransom is not paid. The ransomware group leaves behind a ransom note named "readme.txt" that instructs victims to contact the group via email or Telegram to negotiate the ransom payment and retrieve their encrypted files. Security researchers have identified the threat actors behind Meow Ransomware as the "Anti-Russian Extortion Group," likely due to their targeting of entities in response to the Russia-Ukraine war.