Lennartsfors AB Hit by Meow Ransomware: 17 GB of Sensitive Data Compromised
Incident Date:
August 16, 2024
Overview
Title
Lennartsfors AB Hit by Meow Ransomware: 17 GB of Sensitive Data Compromised
Victim
Lennartsfors AB
Attacker
Meow
Location
First Reported
August 16, 2024
Ransomware Attack on Lennartsfors AB by Meow Ransomware Group
Lennartsfors AB, a Swedish company renowned for its innovative forestry and agricultural equipment, has fallen victim to a ransomware attack orchestrated by the Meow ransomware group. The attack has compromised 17 GB of sensitive data, including employee information, client details, financial records, and technical drawings.
About Lennartsfors AB
Founded in 1948 and located in Värmland County, Sweden, Lennartsfors AB specializes in the development, manufacturing, and distribution of niche vehicles and machines designed for both off-road and on-road applications. The company is particularly known for its "Järnhästen" (Iron Horse) product line, which has been a staple since the 1980s. With approximately 7 employees and an annual revenue of around $4 million, Lennartsfors AB is a small but significant player in the motor vehicle manufacturing industry. Their products are highly valued for their versatility, making them suitable for a range of applications, including forestry, landscaping, and fire-fighting.
Attack Overview
The Meow ransomware group claims to have infiltrated Lennartsfors AB's systems, exfiltrating 17 GB of sensitive data. The compromised information includes employee data, client information, scanned payment documents, financial records, technical drawings, product development details, and other confidential materials. The attack has been publicized on the group's dark web leak site, putting the company's sensitive information at risk of being exposed if the ransom is not paid.
About Meow Ransomware Group
Meow Ransomware emerged in late 2022 and has been associated with the Conti v2 ransomware variant. The group resurfaced in late 2023 and has been highly active in 2024, primarily targeting organizations in the United States. Meow Ransomware employs various infection methods, including phishing emails, exploit kits, Remote Desktop Protocol (RDP) vulnerabilities, and malvertising. Once a system is compromised, the ransomware encrypts files using a combination of the ChaCha20 and RSA-4096 algorithms. The group is known for its aggressive tactics, including posting victim data on their leak site if the ransom is not paid.
Potential Vulnerabilities
Lennartsfors AB, like many small to medium-sized enterprises, may have been vulnerable due to limited cybersecurity resources and outdated security protocols. The company's focus on niche manufacturing and specialized equipment could have made it an attractive target for ransomware groups seeking to exploit sensitive technical and financial data. The use of RDP vulnerabilities and phishing emails are common attack vectors that could have been employed by the Meow ransomware group to penetrate Lennartsfors AB's systems.
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.