Circle K Atlanta Hit by Hunters International Ransomware Attack

Incident Date: June 18, 2024

Circle K Atlanta


Hunters International


Atlanta, USA

Georgia, USA

First Reported: June 18, 2024

Ransomware Attack on Circle K Atlanta by Hunters International

Company Profile: Circle K Atlanta

Circle K Atlanta, operating under Gas Express LLC, is the largest franchisee of the Circle K brand in the United States, with a significant presence in the Atlanta metropolitan area. Founded in 1994, the company has expanded to over 30 locations, providing convenience store services and fuel. Known for its commitment to convenience and customer service, Circle K Atlanta stands out in the retail sector for its comprehensive offerings, including groceries, car washes, and ATMs. The company reported annual revenues of $2.4 million in 2024, employing 28 individuals.

Details of the Ransomware Attack

Hunters International, a notorious ransomware group, recently targeted Circle K Atlanta and claimed responsibility on its dark web blog. The attack resulted in the exfiltration of 55.6 gigabytes of sensitive data, including nearly three gigabytes of current employee information. Notably, the stolen data includes images resembling passports, posing a severe risk of identity theft and other fraud. Despite the substantial data breach, the group has refrained from releasing extensive data samples publicly.

Profile of Hunters International

Hunters International emerged in the cybercrime arena following the disruption of the Hive ransomware group. Unlike traditional ransomware groups that encrypt data, Hunters International specializes in data theft, which makes its operations simpler and more efficient. The group has targeted a diverse range of sectors globally, indicating broad and opportunistic targeting. Its operations have been linked back to Nigeria, suggesting a geographically diverse network.

Potential Vulnerabilities and Penetration Tactics

The penetration of Circle K Atlanta’s systems could have been facilitated by various factors, including insufficient cybersecurity measures against sophisticated phishing attacks or unpatched software vulnerabilities. Given the scale of data exfiltrated, it is likely that the attackers had sustained access to the network, possibly by exploiting weak network security protocols or through insider threats.

