D&K Group Hit by Cicada3301 Ransomware: 125GB Data Stolen
Incident Date: July 25, 2024

Overview
Title: D&K Group Hit by Cicada3301 Ransomware: 125GB Data Stolen
Victim: D&K Group, Inc.
Attacker: Cicada 3301
Location:
First Reported: July 25, 2024
Ransomware Attack on D&K Group, Inc. by Cicada3301
Overview of D&K Group, Inc.
D&K Group, Inc. is a prominent U.S. manufacturer specializing in print finishing solutions, particularly in the production of laminating films and equipment. Headquartered in Elk Grove Village, Illinois, the company prides itself on manufacturing all its products in the USA. Established in 1979, D&K Group employs approximately 118 people and operates multiple facilities, including a 45,000-square-foot main manufacturing site and additional facilities dedicated to thermal laminating films and pressure-sensitive films.
Attack Details
On July 25, 2024, the ransomware group Cicada3301 publicly disclosed an attack on D&K Group, Inc. The attackers exfiltrated 125 GB of sensitive data, including information related to the company's thermal extrusion and pressure-sensitive laminating films, adhesives, wide format and desktop laminators, and automated high-speed laminating systems. Cicada3301 has threatened to publish the stolen data if D&K Group does not make contact with them.
About Cicada3301
Cicada3301 is a new threat actor group that emerged in June 2024. Unlike traditional ransomware groups, Cicada3301 operates as a data broker, focusing on stealing sensitive data and selling it on dark web marketplaces. This approach signifies a shift from conventional ransomware tactics to more sustained and long-term damage strategies. Cicada3301 has already published data from four victims on its leak site, showcasing its capability to compromise and exfiltrate sensitive information.
Cicada 3301
To clarify, the name “Cicada 3301” was originally associated with an online puzzle that gained notoriety between 2012 and 2014. However, the name has since been appropriated by a separate and unrelated ransomware group, which has been the focus of recent reports, including ours.
Halcyon fully respects the legacy of the original “Cicada 3301” organization and recognizes their distinction from the activities of the ransomware group using the same name. Our reporting on the ransomware group is consistent with fair use, aiming to inform the public about cybersecurity threats. For those interested in the original “Cicada 3301” and their official stance on this matter, we encourage you to visit their statement here.
We appreciate your understanding as we strive to maintain clarity and accuracy in our reporting.
Vulnerabilities and Penetration
D&K Group's extensive range of products and custom solutions, along with its significant market presence, makes it an attractive target for cybercriminals. The company's reliance on advanced technologies and materials in its manufacturing processes may have introduced vulnerabilities that Cicada3301 exploited. The exact method of penetration remains unclear, but common tactics include phishing attacks, exploiting unpatched software vulnerabilities, and leveraging weak network security protocols.
Impact on D&K Group
The ransomware attack poses significant risks to D&K Group, including potential financial loss, reputational damage, and operational disruption. The exposure of sensitive data can lead to identity theft, corporate espionage, and regulatory penalties. As a leader in the print finishing industry, D&K Group must address these challenges promptly to mitigate the long-term impact of the attack.