Espack Euro Logistics Hit by Cactus Ransomware Attack

Incident Date:

June 2, 2024

World map



Espack Euro Logistics Hit by Cactus Ransomware Attack






Valencia, Spain

, Spain

First Reported

June 2, 2024

Ransomware Attack on Espack Euro Logistics

Company Overview

Espack Euro Logistics, operating under the name ESPACK EUROLOGISTICA, S.L., is a logistics and supply chain company headquartered in Madrid, Spain. The company specializes in packaging activities and administrative support services, catering to businesses in need of transportation and logistics solutions. With an annual turnover of approximately $17.3 million and a workforce of between 50 and 249 employees, Espack Euro Logistics is a significant player in the industry.

Company Profile

Recognized for its active presence and commitment to providing efficient logistics services, ESPACK EUROLOGISTICA, S.L. has been operational since its incorporation in July 2004. The company operates under European Union Law and maintains an overseas status with an address in Valencia, Spain, ensuring robust logistics support to its clients.

Company Vulnerabilities

Operating in the transportation sector, Espack Euro Logistics is exposed to various cyber threats, including ransomware attacks. Cybercriminals, such as the Cactus ransomware group, target organizations across different industries, exploiting vulnerabilities like ZeroLogon to gain unauthorized access and deploy ransomware. The sensitive nature of logistical data makes companies like Espack Euro Logistics prime targets for such attacks.

Ransomware Attack Overview

The Cactus ransomware group recently executed an attack on Espack Euro Logistics' website, compromising sensitive data related to the company's operations. The breach resulted in the exposure of corporate details, financial data, employee and executive information, and database exports. This incident poses significant risks to the company's operational integrity and reputation.

Ransomware Group Profile

The Cactus ransomware group, known for its ransomware-as-a-service (RaaS) model, employs sophisticated techniques to bypass security measures and encrypt files. Leveraging malvertising lures and exploiting vulnerabilities such as ZeroLogon, the group uses distinctive encryption methods to conduct targeted attacks on various organizations, enhancing their efficacy and impact.

Penetration of Company Systems

The Cactus ransomware group likely infiltrated Espack Euro Logistics' systems through methods such as exploiting Remote Desktop Protocol (RDP), scheduled tasks, and Windows Management Instrumentation Command (WMIC). By creating multiple accounts and escalating privileges, the attackers could navigate laterally within the company's network, avoiding detection and ensuring persistent access.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.