Orca Ransomware Group Targets Chernan Technology Co Ltd

In a recent cyberattack, the Orca Ransomware group has claimed responsibility for infiltrating the systems of Chernan Technology Co Ltd, a prominent Taiwanese manufacturer specializing in tin and tin wire products. The attackers assert that they have exfiltrated 18GB of data from the company's systems, raising significant concerns about cybersecurity vulnerabilities within the manufacturing sector.

About Chernan Technology Co Ltd

Established on April 10, 1984, Chernan Technology Co Ltd, originally known as Tunghui Tin Industry, has evolved into a key player in the manufacturing of tin and tin wire products. As a subsidiary of the Chernan Solder Group, the company operates extensive facilities in Taiwan and mainland China, producing approximately 600 tons of tin and 200 tons of tin wire monthly. Their commitment to innovation is evident in their early adoption of environmentally friendly lead-free soldering solutions, such as the SN100C alloy from Japan's Nihon Superior Company.

Chernan's focus on quality and customer service has garnered them partnerships with major electronics manufacturers like Foxconn and Asus. Their operational strategy includes periodic testing of liquid tin, professional cleaning of tin furnaces, and assessments to improve soldering processes for clients. This customer-centric approach has solidified their reputation within the industry.

Details of the Attack

In September 2024, Chernan Technology fell victim to the Orca Ransomware group. The attackers claim to have exfiltrated 18GB of sensitive data, which could potentially include proprietary information and client details. The specifics of the compromised data remain undisclosed, but the incident underscores the vulnerabilities that even well-established companies face in the current cybersecurity landscape.

About Orca Ransomware Group

The Orca Ransomware group is known for its sophisticated malware, which belongs to the Zeppelin family. This ransomware employs strong encryption techniques to lock files on infected systems, making recovery without the decryption key virtually impossible. Orca is notorious for its double-extortion tactics, where attackers not only encrypt files but also exfiltrate sensitive data, threatening to publish it if the ransom is not paid.

Orca typically modifies file extensions to '.ORCA' followed by a unique ID for each victim. Victims find a ransom note named 'HOW_TO_RECOVER_DATA.hta' on their desktop, which contains payment instructions. The attackers demand payment in Bitcoin within 72 hours, threatening to delete the decryption key and publish stolen data if the ransom is not met.

Potential Vulnerabilities

While the exact method of infiltration remains unclear, common vulnerabilities that ransomware groups exploit include outdated software, weak passwords, and insufficient network segmentation. Given Chernan Technology's extensive operations and reliance on digital systems for manufacturing and client services, these factors could have contributed to the successful breach by the Orca group.

Sources

• Ransomware Orca Group Hits Chernan Technology
• Chernan Technology Co Ltd Official Website
• Chernan Technology Co Ltd Profile on ZoomInfo
• Orca Ransomware Removal Guide
• Orca Ransomware Information on PCRisk