Cactus Ransomware Group Targets Rea Magnet Wire, Exfiltrates 100GB Data

Incident Date: June 18, 2024

Overview

Victim: Rea Magnet Wire Company Inc.

Attacker: Cactus

Location: Fort Wayne, Indiana, USA

First Reported: June 18, 2024

Ransomware Attack on Rea Magnet Wire Company Inc. by Cactus Group

Company Profile

Rea Magnet Wire Company Inc., founded in 1926 and headquartered in Fort Wayne, Indiana, is a leading manufacturer in the magnet wire industry. The company specializes in producing insulated magnet wire and related products used in various applications such as motors, transformers, and other electromagnetic devices. With an estimated revenue of $100 million, Rea Magnet Wire serves critical sectors including automotive, industrial, and energy, making it a significant player in its field.

Attack Overview

The Cactus ransomware group recently targeted Rea Magnet Wire, resulting in the exfiltration of approximately 100GB of sensitive data. The stolen data included personally identifiable information, employee details, corporate agreements, and financial documents. The attack not only led to significant data loss but also posed severe reputational risks to the company.

Ransomware Group Tactics

The Cactus group, known for its ransomware-as-a-service operations, employs sophisticated techniques to infiltrate and compromise systems. In this instance, they likely exploited known vulnerabilities such as ZeroLogon, tracked as CVE-2020-1472, which allows attackers to gain unauthorized access to domain controllers. The group's method of operation includes disabling security tools, using custom scripts, and employing unique encryption methods to evade detection.

Potential Vulnerabilities and Entry Points

Given the nature of the attack, it is plausible that Rea Magnet Wire's systems may have been vulnerable to the ZeroLogon exploit, among other security gaps. The manufacturing sector often involves complex supply chains and extensive data exchange, which can open up multiple vectors for cyberattacks. The company's significant data repositories and integral role in critical industries might have made it an attractive target for the Cactus group.
