Arcus Media Ransomware Attack on Thibabem Atacadista

Overview of Thibabem Atacadista

Thibabem Atacadista e Distribuidor, a Brazilian company, specializes in wholesale children's clothing and accessories. Their wide range includes clothing, shoes, and accessories for babies, toddlers, and children. The company, which employs approximately 32 people, stands out for its extensive collection and wholesale operations.

Details of the Ransomware Attack

In late May 2024, Thibabem Atacadista fell victim to a ransomware attack by Arcus Media. This incident is part of a series of attacks by the group, active since May 2024, targeting various sectors worldwide.

Arcus Media uses phishing emails with malicious attachments to gain initial access. They deploy custom ransomware binaries and obfuscated scripts to execute the payload, create scheduled tasks for persistence, and use tools like Mimikatz for privilege escalation. Their methods include both direct and double extortion.

About Arcus Media

Arcus Media operates as a Ransomware-as-a-Service (RaaS), allowing other threat actors to use their malware. Their unique affiliate program requires new affiliates to be referred by existing ones. The group has targeted multiple sectors, including government, finance, healthcare, and education, with notable attacks on US telecom and London hospitals.

Potential Vulnerabilities

Thibabem's reliance on digital systems for operations and customer data makes it a prime target for ransomware. The disruption caused by such attacks can severely impact business continuity and lead to significant data loss.

Sources

• New Ransomware Group “Arcus” Attacks: Targeted South American Companies - Daily Dark Web
• Arcus Media Details - RansomLook
• Arcus Media Ransomware - WatchGuard Technologies