Arcus Media Ransomware Attack on Franja IT Solutions

Incident Date:

June 4, 2024

World map



Arcus Media Ransomware Attack on Franja IT Solutions


Franja IT Integradores de Tecnología


Arcus Media


Mosquera, Colombia

, Colombia

First Reported

June 4, 2024

Ransomware Attack on Franja IT Integradores de Tecnología by Arcus Media

Overview of Franja IT Integradores de Tecnología

Franja IT Integradores de Tecnología, operating under the name Franja IT Solutions, is a prominent player in the Business Services sector. The company specializes in providing a comprehensive range of IT services, including software development, IT consulting, and managed services. Their standout offering is a cloud-based telephony solution that leverages the latest telecommunications technology. With over fifteen years of experience, Franja IT has been instrumental in optimizing technological infrastructure and improving operational efficiency for various businesses.

Details of the Ransomware Attack

On June 4, 2024, the Arcus Media ransomware group executed a ransomware attack on Franja IT Integradores de Tecnología. The attack was publicly claimed by Arcus Media via their dark web leak site. The extent of the data leak remains unknown, but the breach has raised significant concerns given Franja IT's role in managing sensitive technological infrastructure for its clients.

About Arcus Media Ransomware Group

Arcus Media is a relatively new ransomware group that has been active since May 2024. The group employs direct and double extortion methods, using phishing emails to gain initial access and deploying custom ransomware binaries. They operate on a Ransomware-as-a-Service (RaaS) model, allowing other threat actors to use their malware. Arcus Media distinguishes itself with a unique affiliate program that requires new affiliates to be referred and vetted.

Potential Vulnerabilities and Penetration Methods

Franja IT's extensive involvement in managing IT infrastructure and providing managed services makes it a lucrative target for ransomware groups like Arcus Media. The initial access was likely gained through phishing emails, a common tactic used by Arcus Media. Once inside, the group deployed obfuscated scripts to execute the ransomware payload and used tools like Mimikatz for privilege escalation. The attack underscores the importance of robust cybersecurity measures, especially for companies handling critical technological infrastructure.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.