Cactus Ransomware Group Targets Rea Magnet Wire, Exfiltrates 100GB Data
Incident Date: June 18, 2024
Overview
Title: Cactus Ransomware Group Targets Rea Magnet Wire, Exfiltrates 100GB Data
Victim: Rea Magnet Wire Company Inc.
Attacker: Cactus
Location:
First Reported: June 18, 2024
Ransomware Attack on Rea Magnet Wire Company Inc. by Cactus Group
Company Profile
Rea Magnet Wire Company Inc., founded in 1926 and headquartered in Fort Wayne, Indiana, is a leading manufacturer in the magnet wire industry. The company specializes in producing insulated magnet wire and related products used in various applications such as motors, transformers, and other electromagnetic devices. With an estimated revenue of $100 million, Rea Magnet Wire serves critical sectors including automotive, industrial, and energy, making it a significant player in its field.
Attack Overview
The Cactus ransomware group recently targeted Rea Magnet Wire, resulting in the exfiltration of approximately 100GB of sensitive data. The exfiltrated data included personally identifiable information, employee details, corporate agreements, and financial documents. The attack not only led to significant data loss but also posed severe reputational risks to the company.
Ransomware Group Tactics
The Cactus group, known for its ransomware-as-a-service operations, employs sophisticated techniques to infiltrate and compromise systems. In this instance, they likely exploited known vulnerabilities such as ZeroLogon, tracked as CVE-2020-1472, which allows attackers to gain unauthorized access to domain controllers. The group's method of operation includes disabling security tools, using custom scripts, and employing unique encryption methods to evade detection.
Potential Vulnerabilities and Entry Points
Given the nature of the attack, it is plausible that Rea Magnet Wire's systems may have been vulnerable to the ZeroLogon exploit, among other security gaps. The manufacturing sector often involves complex supply chains and extensive data exchange, which can open up multiple vectors for cyberattacks. The company's significant data repositories and integral role in critical industries might have made it an attractive target for the Cactus group.