Dunlop Aircraft Tyres Hit by Major Ransomware Attack from Cloak Group

Incident Date: August 21, 2024

Overview

Victim: Dunlop Aircraft Tyres

Attacker: Cloak

Location: Mocksville, North Carolina, USA

First Reported: August 21, 2024

Ransomware Attack on Dunlop Aircraft Tyres by Cloak Group

Dunlop Aircraft Tyres, a leading manufacturer and retreader of aircraft tires, has been targeted by the ransomware group Cloak. The attack, discovered on August 22, 2024, resulted in a significant data breach, compromising 102GB of sensitive information. This incident highlights the increasing threat of ransomware to critical industries.

About Dunlop Aircraft Tyres

Based in Birmingham, UK, Dunlop Aircraft Tyres is the world's only specialist manufacturer and retreader of aircraft tires. Established in 1910 and becoming an independent entity in 1996, the company serves both civil and military markets. With a workforce of approximately 182 employees and an annual revenue of $63.7 million, Dunlop is recognized for its high-quality, reliable tires that meet rigorous aviation standards. The company operates globally, with facilities in North America and China, and supplies tires for over 300 different aircraft types.

Attack Overview

The ransomware attack on Dunlop Aircraft Tyres was orchestrated by the Cloak group, a relatively new threat actor that emerged between late 2022 and early 2023. The breach resulted in the exfiltration and encryption of 102GB of data, potentially impacting the company's operations and its global clientele. The attack underscores the vulnerability of manufacturing sectors to ransomware threats.

About Cloak Ransomware Group

Cloak is a financially motivated ransomware group known for its double extortion tactics. They encrypt files and threaten to leak stolen data on their dark web leak site. Cloak primarily targets sectors such as medical, real estate, construction, IT, food industry, and manufacturing, with a focus on Europe. The group often purchases initial access from Initial Access Brokers and uses compromised employee credentials obtained through info-stealers like Lumma, Aurora, and Redline.

Penetration and Impact

Cloak likely penetrated Dunlop Aircraft Tyres' systems by leveraging compromised credentials or purchasing access from underground marketplaces. The ransomware uses the infected machine's resources to exfiltrate and encrypt data, renaming files with extensions in the range .crYptA to .crYptE. The high payment rate of 91-96% among Cloak's victims indicates the effectiveness of their extortion tactics.
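The rename behaviour described above lends itself to a burst detection over file-rename telemetry. The following is an added example, not part of the original report or of any vendor tooling; the event line format, host names, threshold and window are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Extensions named in the report. Reading ".crYptA to .crYptE" as the five
# suffixes A..E, matched case-sensitively, is an assumption of this example.
CLOAK_EXT = re.compile(r"\.crYpt[A-E]$")

# Constructed sample events, one per line: "<ISO time> <host> <old> -> <new>"
SAMPLE_EVENTS = r"""
2025-01-15T02:14:01 ws-017 C:\Users\a\plan.docx -> C:\Users\a\plan.docx.crYptB
2025-01-15T02:14:02 ws-017 C:\Users\a\q3.xlsx -> C:\Users\a\q3.xlsx.crYptB
2025-01-15T02:14:02 ws-022 C:\Temp\report.tmp -> C:\Temp\report.docx
2025-01-15T02:14:04 ws-017 C:\cad\tyre.dwg -> C:\cad\tyre.dwg.crYptB
2025-01-15T02:15:30 ws-022 D:\share\old.pdf -> D:\share\old.pdf.crYptE
2025-01-15T02:31:10 ws-022 D:\share\new.pdf -> D:\share\new.pdf.crYptE
2025-01-15T02:40:00 srv-03 E:\vault\keys.db -> E:\vault\keys.db.crypt
"""


def flag_hosts(lines, threshold=3, window=timedelta(seconds=60)):
    """Return {host: time of first alert} for hosts that rename at least
    `threshold` files to a listed extension within `window`.
    Events are assumed to arrive in time order."""
    recent = defaultdict(deque)   # host -> timestamps of matching renames
    alerts = {}
    for line in lines:
        parts = line.strip().split(" ", 2)
        if len(parts) != 3:
            continue              # blank or malformed line
        ts_raw, host, rest = parts
        old, sep, new = rest.partition(" -> ")
        # Count only renames that newly gain one of the extensions.
        if not sep or not CLOAK_EXT.search(new) or CLOAK_EXT.search(old):
            continue
        ts = datetime.fromisoformat(ts_raw)
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:  # drop events that left the window
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = ts
    return alerts


if __name__ == "__main__":
    for host, when in flag_hosts(SAMPLE_EVENTS.splitlines()).items():
        print(f"ALERT {host}: rename burst at {when.isoformat()}")
```

Isolated renames (ws-022) and look-alike extensions (srv-03) stay below the alert line; only the host with three matching renames inside one minute is flagged.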

Conclusion

The ransomware attack on Dunlop Aircraft Tyres by the Cloak group serves as a stark reminder of the growing cybersecurity threats facing critical industries. The breach has compromised a significant amount of sensitive data, potentially affecting the company's operations and its global clientele.
