Jameco Electronics Suffers Ransomware Attack

Company Overview

Jameco Electronics has been in business for over 50 years and is recognized as one of the largest distributors of electronic components and power supplies. The company boasts a comprehensive inventory of in-stock products, offering competitive prices across both name brands and their proprietary branded products. Additionally, Jameco provides tailored kitting programs, curriculum kits for universities and colleges, and specialized services for businesses, government agencies, and educational institutions.

Vulnerabilities and Impact

The recent ransomware attack on Jameco Electronics marks another cybersecurity incident for the company, following a similar event in 2022 that compromised HR files of current and former employees. This breach led to the unauthorized disclosure of sensitive personal information, including but not limited to full names, addresses, social security numbers, birthdates, pay rates, and banking details. While specific vulnerabilities exploited in these attacks have not been disclosed, the company has indicated ongoing reviews and enhancements of its technical policies and procedures to bolster security measures against future threats.

Threat Actor

The ransomware group Blackbasta, responsible for the latest attack on Jameco Electronics, is notorious for its data exfiltration and extortion practices. This includes deploying file-encrypting ransomware and employing aggressive extortion tactics such as DDoS attacks and direct harassment of the victims' customers and employees. Active since November 2021, Blackbasta operates on a ransomware-as-a-service (RaaS) model, highlighting the evolving and sophisticated nature of cybercriminal enterprises.

Sources

• Japan Aviation Electronics Targeted in Ransomware Attack - SecurityWeek
• Jameco Electronics Security Rating, Vendor Risk Report, and ... - UpGuard
• Jameco Electronics Data Breach Investigation - Turke & Strauss LLP