Cactus Ransomware Strikes Ten-8 Fire and Safety Company

Incident Date: September 23, 2024

Overview

Title: Cactus Ransomware Strikes Ten-8 Fire and Safety Company

Victim: Ten-8 Fire and Safety

Attacker: Cactus

Location: Forsyth, USA; Georgia, USA

First Reported: September 23, 2024

Cactus Ransomware Group Targets Ten-8 Fire and Safety

In a recent cyberattack, the Cactus ransomware group has claimed responsibility for targeting Ten-8 Fire and Safety, a prominent dealer of fire-rescue apparatus and firefighting equipment. The attack, which reportedly resulted in the exfiltration of 240 GB of data, highlights the vulnerabilities faced by companies in the manufacturing sector, particularly those serving critical emergency services.

About Ten-8 Fire and Safety

Ten-8 Fire and Safety, operating primarily in Florida and Georgia, is a leading distributor of fire trucks, ambulances, and firefighting gear. The company is recognized for its commitment to quality and customer service, serving municipal fire departments and private emergency services. With a workforce of approximately 50 to 74 employees and annual revenue between $24.6 million and $40 million, Ten-8 Fire and Safety stands out for its extensive product offerings and dedication to supporting first responders.

Attack Overview

The Cactus ransomware group, known for its sophisticated tactics, has claimed to have infiltrated Ten-8 Fire and Safety's systems, exfiltrating a significant amount of data. The attack underscores the risks faced by companies in the emergency services sector, where the integrity and availability of data are crucial. The group's use of double extortion tactics, where data is both encrypted and threatened with public release, adds pressure on victims to comply with ransom demands.

About the Cactus Ransomware Group

Identified in March 2023, the Cactus ransomware group has quickly gained notoriety for its ability to exploit vulnerabilities in VPN appliances and data analytics platforms. The group employs a unique approach by encrypting its own binary to evade detection, making it challenging for security teams to respond effectively. Cactus is known for its rapid adaptation to new vulnerabilities, allowing it to launch attacks swiftly and efficiently.

Potential Vulnerabilities

Ten-8 Fire and Safety, like many organizations, may have been vulnerable due to unpatched VPN devices or insufficient security measures. The Cactus group often gains initial access through exploiting known vulnerabilities or using stolen credentials, highlighting the importance of vigilant cybersecurity practices. The attack on Ten-8 Fire and Safety serves as a reminder of the critical need for organizations to remain proactive in their cybersecurity efforts.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups, and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.