Millimages Hit by Cactus Ransomware, 147GB Data Compromised

Incident Date: June 23, 2024

Overview

Victim: Millimages

Attacker: Cactus

Location: Paris, France

First Reported: June 23, 2024

Analysis of the Cactus Ransomware Attack on Millimages

Company Profile: Millimages

Millimages, a prominent independent animation studio based in Paris, France, with additional offices in London and Shenzhen, specializes in the development, production, and distribution of family-oriented entertainment content. Founded in 1991, the company has cultivated a significant digital presence, boasting over 75 intellectual properties and generating 10 million daily views across more than 100 digital networks. Millimages stands out in the media and internet sector for its extensive catalog of 1,500 hours of produced content and its strategic expansion into global markets, including recent licensing deals in Latin America and the UK.

Details of the Ransomware Attack

The Cactus ransomware group has targeted Millimages, leading to the exfiltration of 147GB of sensitive data. The stolen data includes personally identifiable information, corporate agreements, financial documents, and more. The attack has compromised the company's operational integrity and exposed a vast amount of confidential data, with only a fraction currently disclosed publicly.

Profile of the Cactus Ransomware Group

The Cactus group, identified as a ransomware-as-a-service (RaaS) entity, is notorious for its sophisticated attack methodologies, including the exploitation of the ZeroLogon vulnerability and advanced encryption tactics. This group's approach typically involves disabling security tools, using custom scripts, and executing the ransomware to evade detection and maintain persistence within the victim's network.

Potential Vulnerabilities and Attack Vectors

Millimages' significant digital footprint and extensive use of digital distribution channels may have increased its exposure to cyber threats like those posed by Cactus. The company's reliance on digital technologies and international connectivity could have provided multiple vectors for Cactus to exploit, particularly if there were unpatched vulnerabilities or insufficient endpoint protections.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.