Espack Euro Logistics Hit by Cactus Ransomware Attack
Incident Date: June 2, 2024
Overview
Victim: ESPACK EUROLOGISTICA, S.L.
Attacker: Cactus
First Reported: June 2, 2024
Ransomware Attack on Espack Euro Logistics
Company Overview
Espack Euro Logistics, operating under the name ESPACK EUROLOGISTICA, S.L., is a logistics and supply chain company headquartered in Madrid, Spain. The company specializes in packaging activities and administrative support services, catering to businesses in need of transportation and logistics solutions. With an annual turnover of approximately $17.3 million and a workforce of between 50 and 249 employees, Espack Euro Logistics is a significant player in the industry.
Company Profile
Recognized for its active presence and commitment to providing efficient logistics services, ESPACK EUROLOGISTICA, S.L. has been operational since its incorporation in July 2004. The company operates under European Union Law and maintains an overseas status with an address in Valencia, Spain, ensuring robust logistics support to its clients.
Company Vulnerabilities
Operating in the transportation sector, Espack Euro Logistics is exposed to various cyber threats, including ransomware attacks. Cybercriminals, such as the Cactus ransomware group, target organizations across different industries, exploiting vulnerabilities like ZeroLogon to gain unauthorized access and deploy ransomware. The sensitive nature of logistical data makes companies like Espack Euro Logistics prime targets for such attacks.
Ransomware Attack Overview
The Cactus ransomware group recently executed an attack on Espack Euro Logistics' website, compromising sensitive data related to the company's operations. The breach resulted in the exposure of corporate details, financial data, employee and executive information, and database exports. This incident poses significant risks to the company's operational integrity and reputation.
Ransomware Group Profile
The Cactus ransomware group, known for its ransomware-as-a-service (RaaS) model, employs sophisticated techniques to bypass security measures and encrypt files. The group leverages malvertising lures, exploits vulnerabilities such as ZeroLogon, and uses distinctive encryption methods in targeted attacks on various organizations.
Penetration of Company Systems
The Cactus ransomware group likely infiltrated Espack Euro Logistics' systems through methods such as exploiting Remote Desktop Protocol (RDP), scheduled tasks, and the Windows Management Instrumentation Command-line (WMIC). By creating multiple accounts and escalating privileges, the attackers could move laterally within the company's network, avoiding detection and ensuring persistent access.
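One way a defender could hunt for the behaviours named above (RDP logons, new accounts, privilege changes, scheduled tasks, WMIC use) clustering on a single host. This is an added example, not part of the original report; the event field names, the one-hour window, the threshold of three behaviours and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)  # assumed correlation window
MIN_BEHAVIOURS = 3           # assumed: distinct behaviours needed to alert

def classify(ev):
    """Map a simplified Windows Security event to a behaviour named in the text."""
    eid = ev["event_id"]
    if eid == 4624 and ev.get("logon_type") == 10:  # RemoteInteractive (RDP) logon
        return "rdp_logon"
    if eid == 4698:                                 # scheduled task created
        return "scheduled_task"
    if eid == 4720:                                 # user account created
        return "account_created"
    if eid == 4732:                                 # member added to a local group
        return "added_to_local_group"
    if eid == 4688 and ev.get("image", "").lower().endswith("\\wmic.exe"):
        return "wmic_exec"                          # process creation of WMIC
    return None

def correlate(events):
    """Return {host: behaviours} for hosts with >= MIN_BEHAVIOURS distinct
    behaviours inside any single WINDOW."""
    by_host = defaultdict(list)
    for ev in events:
        kind = classify(ev)
        if kind:
            by_host[ev["host"]].append((datetime.fromisoformat(ev["time"]), kind))
    alerts = {}
    for host, hits in by_host.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            seen = {k for t, k in hits[i:] if t - start <= WINDOW}
            if len(seen) >= MIN_BEHAVIOURS:
                alerts[host] = sorted(seen)
                break
    return alerts

# Constructed sample events; hosts, times and field names are illustrative only.
SAMPLE = [
    {"time": "2024-01-15T01:00:00", "host": "FS01", "event_id": 4624, "logon_type": 10},
    {"time": "2024-01-15T01:05:00", "host": "FS01", "event_id": 4720},
    {"time": "2024-01-15T01:06:00", "host": "FS01", "event_id": 4720},
    {"time": "2024-01-15T01:10:00", "host": "FS01", "event_id": 4732},
    {"time": "2024-01-15T01:20:00", "host": "FS01", "event_id": 4698},
    {"time": "2024-01-15T01:25:00", "host": "FS01", "event_id": 4688, "image": "C:\\Windows\\System32\\wbem\\WMIC.exe"},
    {"time": "2024-01-15T09:00:00", "host": "WS07", "event_id": 4624, "logon_type": 10},
    {"time": "2024-01-15T15:00:00", "host": "WS07", "event_id": 4698},
    {"time": "2024-01-15T09:30:00", "host": "WS12", "event_id": 4688, "image": "C:\\Windows\\System32\\cmd.exe"},
]

if __name__ == "__main__":
    for host, kinds in correlate(SAMPLE).items():
        print(host, kinds)
```

Each behaviour is routine on its own, which is why the check alerts only on several of them appearing together on one host within the window.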