Arcus Media Ransomware Attack on Duque Saldarriaga

Incident Date: June 4, 2024

Overview

Title: Arcus Media Ransomware Attack on Duque Saldarriaga

Victim: Duque Saldarriaga

Attacker: Arcus Media

Location: Bogotá, Colombia

First Reported: June 4, 2024

Ransomware Attack on Duque Saldarriaga by Arcus Media

Company Profile

Duque Saldarriaga y Cia S.A.S, operating under the brand Envases Duque, is a Colombian company specializing in the production and distribution of high-quality packaging solutions. Established in 1982, the company employs approximately 104 people and reported a net sales revenue increase of 2.28% in 2023. They offer a wide range of products, including plastic and glass containers, valves, and other packaging solutions for various industries such as food, beverages, pharmaceuticals, and cosmetics.

Attack Overview

The Arcus Media ransomware group has recently claimed responsibility for an attack on Duque Saldarriaga. The group added the company to the list of victims on its dark web leak site. The attack has raised concerns about vulnerabilities in the company's cybersecurity measures, particularly given its use of advanced manufacturing techniques and state-of-the-art technology.

Ransomware Group Profile

Arcus Media is a relatively new ransomware group that has been active since May 2024. They employ direct and double extortion methods, using phishing emails to gain initial access and deploying custom ransomware binaries. The group operates on a Ransomware-as-a-Service (RaaS) model, allowing other threat actors to use their malware. They have a unique affiliate program requiring new affiliates to be referred and vetted.

Penetration and Impact

It is likely that Arcus Media penetrated Duque Saldarriaga's systems through phishing emails containing malicious attachments or links. Once inside, they deployed scripts to execute the ransomware payload, using obfuscation techniques to evade detection. The attack has potentially compromised sensitive data and disrupted the company's operations, highlighting the need for robust cybersecurity measures.
