Meow Ransomware Hits American Contract Systems, Exposes 111GB of Data

Incident Date: August 13, 2024


Overview


Victim: American Contract Systems, Inc.

Attacker: Meow

Location: Fort Myers, Florida, USA

First Reported: August 13, 2024

Ransomware Attack on American Contract Systems, Inc. by Meow Ransomware Group

American Contract Systems, Inc. (ACS), a prominent player in the healthcare services sector, has recently fallen victim to a ransomware attack orchestrated by the Meow ransomware group. This attack has exposed 111 GB of sensitive data, including employee information, client details, document scans, and financial records.

About American Contract Systems, Inc.

Founded in 2000 and headquartered in Minneapolis, Minnesota, ACS specializes in providing customized sterilization and packaging solutions for the healthcare industry. The company focuses on custom procedure trays (CPTs) and operates multiple production facilities across the United States, including locations in Tampa, Fort Myers, and Kansas City. ACS employs a team with over 350 years of combined experience in the custom pack industry, emphasizing innovation and quality in its operations.

ACS is dedicated to enhancing control and transparency in the management of healthcare supply chains. The company empowers healthcare facilities to optimize their CPT programs by offering detailed insights into costs and component choices. This approach enables hospitals to make informed decisions regarding their supply needs while maintaining high standards of quality and service.

Attack Overview

The Meow ransomware group has claimed responsibility for the attack on ACS via its dark web leak site. The group demanded a ransom of $25,000, threatening to release the stolen data if the ransom was not paid. The exposed data included a wide range of confidential information, posing significant risks to ACS and its clients.

About Meow Ransomware Group

Meow Ransomware emerged in late 2022 and has been associated with the Conti v2 ransomware variant. The group is known for targeting industries with sensitive data, such as healthcare and medical research. They employ various infection methods, including phishing emails, exploit kits, Remote Desktop Protocol (RDP) vulnerabilities, and malvertising. Once a system is compromised, the ransomware encrypts files using a combination of the ChaCha20 and RSA-4096 algorithms.

Meow Ransomware leaves behind a ransom note named "readme.txt" that instructs victims to contact the group via email or Telegram to negotiate the ransom payment. The group has been identified as the "Anti-Russian Extortion Group," likely due to their targeting of entities in response to the Russia-Ukraine war.

Vulnerabilities and Penetration

ACS's focus on transparency and control in the healthcare supply chain may have inadvertently made it a target for ransomware groups like Meow. The company's extensive data on costs, component choices, and client information is highly valuable, making it attractive to cybercriminals. The method of initial access in this attack has not been publicly disclosed, but common vectors include phishing emails and RDP vulnerabilities.
