Arcus Media Ransomware Attack on Thibabem Atacadista
Incident Date:
May 24, 2024
Overview
Title
Arcus Media Ransomware Attack on Thibabem Atacadista
Victim
Thibabem Atacadista
Attacker
Arcus Media
Location
First Reported
May 24, 2024
Arcus Media Ransomware Attack on Thibabem Atacadista
Overview of Thibabem Atacadista
Thibabem Atacadista e Distribuidor, a Brazilian company, specializes in wholesale children's clothing and accessories. Their wide range includes clothing, shoes, and accessories for babies, toddlers, and children. The company, which employs approximately 32 people, stands out for its extensive collection and wholesale operations.
Details of the Ransomware Attack
In late May 2024, Thibabem Atacadista fell victim to a ransomware attack by Arcus Media. This incident is part of a series of attacks by the group, active since May 2024, targeting various sectors worldwide.
Arcus Media uses phishing emails with malicious attachments to gain initial access. They deploy custom ransomware binaries and obfuscated scripts to execute the payload, create scheduled tasks for persistence, and use tools like Mimikatz for privilege escalation. Their methods include both direct and double extortion.
About Arcus Media
Arcus Media operates as a Ransomware-as-a-Service (RaaS), allowing other threat actors to use their malware. Their unique affiliate program requires new affiliates to be referred by existing ones. The group has targeted multiple sectors, including government, finance, healthcare, and education, with notable attacks on US telecom and London hospitals.
Potential Vulnerabilities
Thibabem's reliance on digital systems for operations and customer data makes it a prime target for ransomware. The disruption caused by such attacks can severely impact business continuity and lead to significant data loss.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.