Pella Corporation Targeted in Ransomware Attack
Incident Date:
May 10, 2024
Overview
Title
Pella Corporation Targeted in Ransomware Attack
Victim
Pella Corporation
Attacker
Hunters International
Location
First Reported
May 10, 2024
Ransomware Attack on Pella Corporation
Victim Profile
Pella Corporation, a leading manufacturer of windows and doors based in the USA, was targeted by the cybercrime group Hunters International in a recent ransomware attack. The company, founded in 1925, operates multiple manufacturing plants in Iowa and Pennsylvania. Pella Corporation is known for its commitment to innovation and quality, offering high-end products through various distribution channels.
Company Size and Standout Features
The company employs over 6,000 individuals across 13 manufacturing locations and had an annual revenue of $2.2 billion in 2024. The company stands out in the industry for delivering exceptional beauty, performance, and peace of mind through its innovative windows and doors. Noteworthy innovations include the Pella® Hidden Screen and the Pella® Steady Set™ Interior Installation System.
Vulnerabilities and Attack Details
The ransomware attack on Pella Corporation resulted in the exfiltration of 339.4 GB of data, comprising 141,762 files. The stolen data included sensitive information such as financial data and personally identifiable information (PII). The attack exploited vulnerabilities in the company's systems, potentially through phishing emails, unpatched software, or weak network security measures.
Ransomware Group Distinction
Hunters International, the ransomware group behind the attack, distinguishes itself by focusing on stealing data rather than encrypting it. This approach sets them apart from other ransomware groups like Hive, which operate with a different modus operandi. Hunters International has customized ransomware tools for simplicity and efficiency, making them a significant threat to organizations across various sectors.
Sources:
1. Hunters International Dark Web Profile
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.