Espack Euro Logistics Hit by Cactus Ransomware Attack

Incident Date: June 2, 2024

Overview

Victim: ESPACK EUROLOGISTICA, S.L.

Attacker: Cactus

Location: Valencia, Spain

First Reported: June 2, 2024

Ransomware Attack on Espack Euro Logistics

Company Overview

Espack Euro Logistics, operating under the name ESPACK EUROLOGISTICA, S.L., is a logistics and supply chain company headquartered in Madrid, Spain. The company specializes in packaging activities and administrative support services, catering to businesses in need of transportation and logistics solutions. With an annual turnover of approximately $17.3 million and a workforce of between 50 and 249 employees, Espack Euro Logistics is a significant player in the industry.

Company Profile

Recognized for its active presence and commitment to providing efficient logistics services, ESPACK EUROLOGISTICA, S.L. has been operational since its incorporation in July 2004. The company operates under European Union Law and maintains an overseas status with an address in Valencia, Spain, ensuring robust logistics support to its clients.

Company Vulnerabilities

Operating in the transportation sector, Espack Euro Logistics is exposed to various cyber threats, including ransomware attacks. Cybercriminals, such as the Cactus ransomware group, target organizations across different industries, exploiting vulnerabilities like ZeroLogon to gain unauthorized access and deploy ransomware. The sensitive nature of logistical data makes companies like Espack Euro Logistics prime targets for such attacks.

Ransomware Attack Overview

The Cactus ransomware group recently executed an attack on Espack Euro Logistics' website, compromising sensitive data related to the company's operations. The breach resulted in the exposure of corporate details, financial data, employee and executive information, and database exports. This incident poses significant risks to the company's operational integrity and reputation.

Ransomware Group Profile

The Cactus ransomware group, known for its ransomware-as-a-service (RaaS) model, employs sophisticated techniques to bypass security measures and encrypt files. The group leverages malvertising lures, exploits vulnerabilities such as ZeroLogon, and uses distinctive encryption methods in targeted attacks on various organizations.

Penetration of Company Systems

The Cactus ransomware group likely infiltrated Espack Euro Logistics' systems through methods such as abusing Remote Desktop Protocol (RDP), scheduled tasks, and the Windows Management Instrumentation Command-line utility (WMIC). By creating multiple accounts and escalating privileges, the attackers could move laterally within the company's network, avoiding detection and maintaining persistent access.
