Modulkit Hit by Meow Ransomware: 3GB of Sensitive Data Stolen
Incident Date:
August 27, 2024
Overview
Title
Modulkit Hit by Meow Ransomware: 3GB of Sensitive Data Stolen
Victim
Modulkit 21
Attacker
Meow
Location
First Reported
August 27, 2024
Ransomware Attack on Modulkit: Meow Ransomware Group Claims Responsibility
Modulkit, a prominent manufacturer of modular and custom wardrobes based in Manresa, Barcelona, has recently fallen victim to a ransomware attack orchestrated by the notorious Meow ransomware group. The attack has resulted in the exfiltration of over 3 GB of sensitive data, posing a significant threat to the company's operations and reputation.
Company Profile
Modulkit, officially registered as MODULKIT 21 SL, specializes in the design and manufacturing of modular furniture, with a particular focus on wardrobes. The company offers a diverse range of products, including sliding and hinged wardrobes, bespoke closet systems, and sanitary cabins. Modulkit is known for its innovative and customizable solutions, catering to both residential and commercial projects. The company operates primarily in the household and institutional furniture and kitchen cabinet manufacturing sector and is classified as a small to medium-sized enterprise (SME).
Attack Overview
The Meow ransomware group has claimed responsibility for the attack on Modulkit via their dark web leak site. The attackers have reportedly exfiltrated sensitive employee information, client details, scanned payment documents, personal data, technical drawings, and project designs. This breach not only threatens the security of Modulkit's clients and employees but also jeopardizes the company's reputation for high-quality, customizable furniture solutions.
About Meow Ransomware Group
Meow Ransomware emerged in late 2022 and has been associated with the Conti v2 ransomware variant. The group is known for targeting industries with sensitive data, such as healthcare and medical research. Meow Ransomware employs various infection methods, including phishing emails, exploit kits, Remote Desktop Protocol (RDP) vulnerabilities, and malvertising. Once a system is compromised, the ransomware encrypts files using a combination of the ChaCha20 and RSA-4096 algorithms. The group maintains a data leak site where they list victims who have not paid the ransom.
Penetration and Vulnerabilities
The exact method of penetration in the Modulkit attack is not publicly disclosed, but it is likely that the attackers exploited common vulnerabilities such as phishing emails or RDP vulnerabilities. Modulkit's focus on high-quality, customizable solutions and its extensive catalog of technical drawings and project designs make it an attractive target for ransomware groups seeking valuable data. The breach underscores the importance of stringent cybersecurity measures, particularly for SMEs in the manufacturing sector.
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.