Cloak Ransomware Strikes Penn Veterinary Supply Inc
Incident Date:
September 25, 2024
Overview
Title
Cloak Ransomware Strikes Penn Veterinary Supply Inc
Victim
Penn Veterinary Supply Inc.
Attacker
Cloak
Location
First Reported
September 25, 2024
Cloak Ransomware Group Targets Penn Veterinary Supply Inc.
Penn Veterinary Supply Inc., a prominent player in the veterinary supply industry, has fallen victim to a ransomware attack orchestrated by the Cloak ransomware group. This incident highlights the growing threat of cyberattacks on the healthcare services sector, particularly targeting small to medium-sized businesses.
Company Profile and Industry Standing
Established in 1981 and headquartered in Lancaster, Pennsylvania, Penn Veterinary Supply Inc. is a family-owned distributor dedicated to serving veterinarians and veterinary practices. The company employs approximately 129 individuals and reported an annual revenue of $145 million. Penn Vet distinguishes itself through personalized service, offering a wide range of veterinary products and solutions tailored for independent veterinary hospitals. Their commitment to customer engagement, education, and technological innovation makes them a vital resource in the veterinary community.
Vulnerabilities and Attack Overview
The attack on Penn Veterinary Supply Inc. was first indicated on September 4, 2024, when Cloak partially revealed the victim's domain on their dark web leak site. By September 25, 2024, the full domain was disclosed, and sample screenshots along with compromised data were made available for download. The company's focus on technology, such as their "Schedule & Save" program and digital Safety Data Sheets, may have inadvertently exposed vulnerabilities that threat actors like Cloak could exploit.
Cloak Ransomware Group: Tactics and Distinction
Cloak ransomware emerged between late 2022 and early 2023, primarily targeting sectors like medical, real estate, and IT. The group is financially motivated, often purchasing initial access from Initial Access Brokers and leveraging compromised credentials obtained through info-stealers. Cloak employs double extortion tactics, encrypting files and threatening to leak stolen data. Their operations are characterized by a high ransom payment rate, with 21 out of 23 victims reportedly paying the ransom as of mid-2023.
Potential Penetration Methods
While the exact method of penetration into Penn Veterinary Supply's systems remains unclear, it is likely that Cloak utilized compromised employee credentials or exploited vulnerabilities in the company's digital infrastructure. The group's ability to exfiltrate and encrypt data using the infected machine's resources underscores the importance of effective cybersecurity measures.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.