alphv attacks Detroit Stoker Company

Incident Date: January 9, 2022

Detroit Stoker Company

Monroe, Michigan, USA

First Reported: January 9, 2022

Detroit Stoker Company Targeted by Alphv Ransomware Group

The Detroit Stoker Company, a prominent designer, manufacturer, and supplier of solid fuel stoker/grate systems and related combustion equipment, has recently fallen victim to the ransomware group Alphv. With over 125 years of operation, the company has established itself in the manufacturing sector, specializing in the generation of heat and power from a variety of renewable opportunity fuels including biomass, refuse-derived fuels, and others.

Detroit Stoker Company's official website provides extensive information on their products and services, detailing the diverse types of fuels their combustion equipment can process, such as bagasse, bark, biodiesel, grain refuse, MSW (Municipal Solid Waste), RDF (Refuse-Derived Fuel), palm oil residue, poultry litter, sawdust, and sunflower hulls.

While specific vulnerabilities that led to the company being targeted by threat actors remain undisclosed, it is widely recognized that ransomware attacks frequently exploit weaknesses such as outdated software, unpatched systems, and insufficient password policies. The exact vulnerabilities at Detroit Stoker Company, whether these or others, have not been made clear, nor has it been specified if the attack was part of a broader, targeted campaign.

The Alphv ransomware group, also identified as DEV-0537, has been notably active since at least 2022, orchestrating several high-profile attacks on entities such as the US Marshals Service, Point32Health, MOVEit, City of Dallas, GoAnywhere, MCNA Dental, and Yum Brands. The group is distinguished by its aggressive approach, notably its use of double-extortion tactics, in which data is exfiltrated before encryption and then held for ransom.

As of this writing, Detroit Stoker Company has not released any public statements concerning the attack or the extent of any data breach. According to their privacy policy, the company does collect and utilize personal information, including device data, to enhance site functionality and marketing strategies. The potential compromise of this information in the attack remains uncertain.

This incident underscores the persistent threat posed by ransomware attacks and highlights the critical need for robust cybersecurity defenses to mitigate such risks.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.