arvinclub attacks AM International

Incident Date:

April 20, 2022

World map



arvinclub attacks AM International


AM International




Lahore, Pakistan

Punjab, Pakistan

First Reported

April 20, 2022

A.M International Targeted by Arvinclub Ransomware Group

A.M International, a prominent Flavours & Fragrances (Liquid & Dry Powder) manufacturing organization based in Pakistan, has recently fallen victim to the ransomware group Arvinclub. The announcement of the attack was made on the group's dark web leak site. A.M International has been a significant player in the Business Services sector since 2004, boasting a portfolio of over 2500 products and more than 3000 clients. The company is renowned for its excellence in Research & Development and Quality Assurance, holding various certifications such as FSSC-22000, ISO-14001, ISO-9001, HALAAL, and PFA Approval.

With operations spanning Pakistan, UAE, Iran, Afghanistan, and the African Continent, A.M International's headquarters and manufacturing facility are strategically located in Lahore, near the Coca Cola Plant. Additionally, it maintains sub-offices in Karachi and Faisalabad. The company's website emphasizes its dedication to providing professional services characterized by Honesty, Honor, Dignity, Skills, Care, and a steadfast Commitment to its clientele.

The Context of the Attack

The ransomware assault on A.M International is indicative of a broader pattern of cybercrime targeting businesses and organizations globally. The Lockbit ransomware variant, with which Arvinclub is affiliated, is recognized as one of the most prolific ransomware groups worldwide. It has amassed over 2000 victims and extorted more than $120 million in ransom payments. This group has a notorious history of targeting critical infrastructure along with various public and private entities.

The incident involving A.M International highlights the critical importance of cybersecurity vigilance for businesses. To mitigate the risk of ransomware attacks, companies are advised to implement comprehensive cybersecurity strategies. These strategies should encompass regular software updates and patches, extensive employee training, and the development of effective incident response plans.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.