J.M. Champeau Inc. Hit by Cactus Ransomware Group Stealing 130GB Data

Incident Date: September 6, 2024

Overview

Title: J.M. Champeau Inc. Hit by Cactus Ransomware Group Stealing 130GB Data

Victim: J.M. Champeau, Inc

Attacker: Cactus

Location: Saint-Malo, Canada

First Reported: September 6, 2024

Ransomware Attack on J.M. Champeau, Inc. by Cactus Group

J.M. Champeau, Inc., a prominent family-owned business in the hardwood industry, has recently fallen victim to a ransomware attack orchestrated by the Cactus ransomware group. The attack has resulted in the exfiltration of approximately 130GB of sensitive data, including business documents, financial records, engineering projects, and personal information of employees and executives.

About J.M. Champeau, Inc.

Founded in the early 1900s and based in Saint-Malo, Quebec, J.M. Champeau, Inc. specializes in the production and distribution of hardwood components and lumber. The company operates a 225,000 square foot facility and employs over 230 skilled workers. Known for their unique VacuBright process and commitment to sustainability, Champeau has built a reputation for excellence in the hardwood industry. Their innovative use of artificial intelligence to detect defects in wood products further distinguishes them in the market.

Attack Overview

The Cactus ransomware group has claimed responsibility for the attack, which was disclosed on their dark web leak site. The compromised data includes less than 1% Personally Identifiable Information (PII) but encompasses a wide array of sensitive business information. The breach could significantly impact Champeau's operational integrity, security protocols, and privacy measures.

About the Cactus Ransomware Group

Identified in March 2023, the Cactus ransomware group has quickly become a notable player in the ransomware landscape. They employ sophisticated tactics, including exploiting vulnerabilities in VPN appliances and leveraging phishing attacks. Cactus is known for its double-extortion strategy, where they not only encrypt data but also threaten to leak it if the ransom is not paid. Their ability to encrypt their own binary to evade detection makes them particularly challenging for security teams to counter.

Penetration and Impact

Cactus primarily gains access to networks by exploiting known vulnerabilities in VPN devices, such as those from Fortinet, and through phishing attacks. Once inside, they establish command and control communications via SSH and use Scheduled Tasks to maintain persistence. The group's rapid adaptation to newly discovered vulnerabilities and sophisticated evasion techniques have made them a significant threat in the cybersecurity landscape.
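
A defender-side check for the persistence pattern described above, as an added example that is not from the original page: it scans task-creation records for scheduled tasks whose action launches an SSH client, directly or through a wrapper such as cmd.exe. The records are constructed samples shaped like Windows Security event 4698 exported as JSON lines; the JSON layout, function names, hosts, task names and addresses are assumptions.

```python
import json
import ntpath
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
SSH_CLIENTS = {"ssh", "ssh.exe"}  # assumption: client names worth flagging

def task_xml(command, arguments):  # builds the constructed samples below
    return ('<Task xmlns="%s"><Actions><Exec><Command>%s</Command><Arguments>%s'
            "</Arguments></Exec></Actions></Task>" % (NS["t"], command, arguments))

def event(event_id, host, task, content=""):
    return json.dumps({"EventID": event_id, "Computer": host,
                       "TaskName": task, "TaskContent": content})

# Constructed records shaped like Security event 4698 ("A scheduled task was
# created"); hosts, task names, paths and addresses are made up.
SAMPLE_EVENTS = [
    event(4698, "ws01.example.test", r"\Updater Task",
          task_xml(r"C:\Windows\System32\OpenSSH\ssh.exe", "svc@198.51.100.7")),
    event(4698, "ws02.example.test", r"\Sync",
          task_xml(r"C:\Windows\System32\cmd.exe", "/c ssh svc@198.51.100.7")),
    event(4698, "ws03.example.test", r"\Defrag",
          task_xml(r"C:\Windows\System32\defrag.exe", "C: /O")),
    event(4624, "ws01.example.test", ""),  # logon event, not a task creation
]

def exec_actions(task_content):
    """Yield (command, arguments) for every Exec action in a task definition."""
    for node in ET.fromstring(task_content).iterfind(".//t:Exec", NS):
        yield (node.findtext("t:Command", "", NS).strip(),
               node.findtext("t:Arguments", "", NS).strip())

def find_ssh_tasks(lines):
    """Return (host, task, command line) for created tasks that launch an SSH client."""
    hits = []
    for line in lines:
        ev = json.loads(line)
        if ev.get("EventID") != 4698:
            continue
        try:
            actions = list(exec_actions(ev.get("TaskContent", "")))
        except ET.ParseError:
            continue  # malformed definition: leave for manual review
        for command, arguments in actions:
            words = [command] + arguments.split()
            if any(ntpath.basename(w.strip('"')).lower() in SSH_CLIENTS for w in words):
                hits.append((ev["Computer"], ev["TaskName"], f"{command} {arguments}"))
    return hits
```

Calling `find_ssh_tasks(SAMPLE_EVENTS)` returns the two tasks on ws01 and ws02; the defrag task and the logon event are ignored.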

Implications for J.M. Champeau, Inc.

The ransomware attack on J.M. Champeau, Inc. underscores the vulnerabilities that even well-established companies face in the digital age. The exposure of critical business and personal information could have far-reaching consequences for the company's reputation and operational security. As Champeau navigates the aftermath of this breach, the incident serves as a stark reminder of the importance of robust cybersecurity measures.
