Arcus Media Ransomware Attack on Thibabem Atacadista

Incident Date: May 24, 2024


Overview

Title: Arcus Media Ransomware Attack on Thibabem Atacadista

Victim: Thibabem Atacadista

Attacker: Arcus Media

Location: Varginha, Brazil

First Reported: May 24, 2024


Overview of Thibabem Atacadista

Thibabem Atacadista e Distribuidor is a Brazilian company specializing in wholesale children's clothing and accessories. Its range includes clothing, shoes, and accessories for babies, toddlers, and children. The company, which employs approximately 32 people, stands out for its extensive collection and wholesale operations.

Details of the Ransomware Attack

In late May 2024, Thibabem Atacadista fell victim to a ransomware attack by Arcus Media. This incident is part of a series of attacks by the group, active since May 2024, targeting various sectors worldwide.

Arcus Media uses phishing emails with malicious attachments to gain initial access. They deploy custom ransomware binaries and obfuscated scripts to execute the payload, create scheduled tasks for persistence, and use tools like Mimikatz for privilege escalation. Their methods include both direct and double extortion.

About Arcus Media

Arcus Media operates as a Ransomware-as-a-Service (RaaS) operation, allowing other threat actors to use its malware. Its unique affiliate program requires new affiliates to be referred by existing ones. The group has targeted multiple sectors, including government, finance, healthcare, and education, with notable attacks on US telecom and London hospitals.

Potential Vulnerabilities

Thibabem's reliance on digital systems for operations and customer data makes it a prime target for ransomware. The disruption caused by such attacks can severely impact business continuity and lead to significant data loss.
