Amco Metals Hit by Qilin Ransomware, 23GB Data Stolen

Incident Date: August 11, 2024

Overview

Victim: Amco Metal Industrial Corporation

Attacker: Qilin

Location: City of Industry, California, USA

First Reported: August 11, 2024

Qilin Ransomware Group Targets Amco Metal Industrial Corporation

Amco Metal Industrial Corporation, a prominent manufacturer and exporter based in Mumbai, India, has recently fallen victim to a ransomware attack orchestrated by the Qilin ransomware group. The attackers claim to have exfiltrated 23GB of sensitive data from the company's systems, marking a significant breach in the manufacturing sector.

About Amco Metal Industrial Corporation

Established in 1981, Amco Metal Industrial Corporation, commonly known as Amco Metals, specializes in producing a wide range of metal products, including stainless steel, carbon steel, and high nickel alloy pipes, tubes, fittings, flanges, and fasteners. The company is ISO 9001:2015 certified by TUV Nord India, ensuring adherence to international quality standards. Despite its relatively small size, employing between 11 and 25 people, Amco Metals has a strong global presence, exporting its products to over 100 countries.

What Makes Amco Metals Stand Out

Amco Metals is recognized for its commitment to quality, innovation, and environmental sustainability. The company utilizes advanced technologies in its production processes and emphasizes a customer-centric approach. Its state-of-the-art manufacturing facilities contribute to its reputation for reliability and performance in demanding operational environments. These factors make Amco Metals a trusted partner in various industries, including chemical, petrochemical, oil and gas, and food processing.

Vulnerabilities and Attack Overview

Despite its strong market position, Amco Metals' relatively small size and modest annual revenue, reported to be between ₹10 and ₹25 crore (approximately $1.2 to $3 million), may have made it an attractive target for ransomware groups like Qilin. The attackers claim to have infiltrated the company's systems and exfiltrated 23GB of sensitive data, underscoring the growing threat of ransomware attacks on industrial corporations.

About the Qilin Ransomware Group

The Qilin ransomware group, also known as Agenda, is a sophisticated Ransomware-as-a-Service (RaaS) operation believed to be of Russian origin. First appearing in October 2022, Qilin has targeted various organizations, including healthcare providers, automotive companies, and government agencies. The group uses advanced tactics, such as data exfiltration and double extortion, to pressure victims into paying ransoms. Qilin's adaptability and cross-platform capabilities make it a formidable threat in the cybersecurity landscape.

Penetration Tactics

While specific details of how Qilin penetrated Amco Metals' systems are not publicly available, the group is known for exploiting vulnerabilities in network security, using phishing attacks, and leveraging weak passwords to gain access. Once inside, they employ data exfiltration and encryption to maximize their leverage over the victim, often demanding substantial ransoms to restore access to the compromised data.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.