Arcus Media Ransomware Attack on Duque Saldarriaga
Incident Date: June 4, 2024
Overview
Victim: Duque Saldarriaga
Attacker: Arcus Media
Location:
First Reported: June 4, 2024
Ransomware Attack on Duque Saldarriaga by Arcus Media
Company Profile
Duque Saldarriaga y Cia S.A.S, operating under the brand Envases Duque, is a Colombian company specializing in the production and distribution of high-quality packaging solutions. Established in 1982, the company employs approximately 104 people and reported a net sales revenue increase of 2.28% in 2023. It offers a wide range of products, including plastic and glass containers, valves, and other packaging solutions for industries such as food, beverages, pharmaceuticals, and cosmetics.
Attack Overview
Recently, the Arcus Media ransomware group claimed responsibility for an attack on Duque Saldarriaga. The group added the company to the list of victims on its dark web leak site. The attack has raised concerns about vulnerabilities in the company's cybersecurity measures, particularly given the company's use of advanced manufacturing techniques and state-of-the-art technology.
Ransomware Group Profile
Arcus Media is a relatively new ransomware group that has been active since May 2024. They employ direct and double extortion methods, using phishing emails to gain initial access and deploying custom ransomware binaries. The group operates on a Ransomware-as-a-Service (RaaS) model, allowing other threat actors to use their malware. They have a unique affiliate program requiring new affiliates to be referred and vetted.
Penetration and Impact
It is likely that Arcus Media penetrated Duque Saldarriaga's systems through phishing emails containing malicious attachments or links. Once inside, they deployed scripts to execute the ransomware payload, using obfuscation techniques to evade detection. The attack has potentially compromised sensitive data and disrupted the company's operations, highlighting the need for robust cybersecurity measures.