Finlogic S.p.A Hit by Meow Ransomware: 20GB Data Compromised

Incident Date:

August 27, 2024

World map

Overview

Title

Finlogic S.p.A Hit by Meow Ransomware: 20GB Data Compromised

Victim

Finlogic S.p.A

Attacker

Meow

Location

Acquaviva delle Fonti, Italy

, Italy

First Reported

August 27, 2024

Ransomware Attack on Finlogic S.p.A by Meow Ransomware Group

Finlogic S.p.A, a prominent Italian company specializing in labeling solutions, barcode technologies, and automated identification systems, has recently fallen victim to a ransomware attack orchestrated by the notorious Meow ransomware group. Established in 2003, Finlogic has grown to become a key player in its industry, operating as the main entity within the Finlogic Group, which includes several specialized companies. The group provides comprehensive solutions for labeling, traceability, and product identification across various sectors such as logistics, food and beverage, and pharmaceuticals.

Company Overview

Finlogic S.p.A. is headquartered in Bollate, Lombardy, Italy, and is part of the Finlogic Group. The company employs approximately 100 people and operates three production plants located in Acquaviva delle Fonti, Bollate, and Rottofreno. Finlogic's product portfolio includes adhesive labels, thermal transfer ribbons, digital color printers, and barcode scanning devices. The company collaborates with major brands such as Sato, Zebra, and Honeywell for its hardware solutions. Finlogic is listed on the AIM market, now known as Euronext Growth Milan, and is recognized as an Elite company by Borsa Italiana.

Attack Overview

The ransomware attack has compromised over 20 GB of confidential data, including employee data, client information, scanned payment documents, personal data (such as dates of birth, social security numbers, and passport scans), internal financial documents, contracts, agreements, and certifications. Finlogic's extensive operations span over 60 production lines across facilities in Acquaviva delle Fonti (Bari), Bollate (Milan), and Rottofreno (Piacenza), where they lead in the production of adhesive labels using advanced printing technologies like Flexo UV and Offset. Additionally, they offer a full suite of hardware and software solutions, including barcode printers, RFID systems, and 3D printing services.

About Meow Ransomware Group

Meow Ransomware is a ransomware group that emerged in late 2022, with a resurgence in activity in 2023. They are associated with the Conti v2 ransomware variant and have been active in targeting victims, primarily in the United States. The group maintains a data leak site where they list victims who haven't paid the ransom. Meow Ransomware frequently targets industries with sensitive data, such as healthcare and medical research. They employ various infection methods, including phishing emails, exploit kits, Remote Desktop Protocol (RDP) vulnerabilities, and malvertising. Once a system is compromised, the ransomware encrypts files using a combination of the ChaCha20 and RSA-4096 algorithms.

Penetration and Impact

The ransomware group likely penetrated Finlogic's systems through one of their common infection methods, such as phishing emails or exploiting RDP vulnerabilities. The attack poses a significant threat to Finlogic's commitment to providing high-quality, customized solutions for businesses of all sizes. As Finlogic continues to expand both domestically and internationally, this breach underscores the critical need for advanced cybersecurity measures to protect sensitive data and maintain operational integrity.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.