Qilin Ransomware Hits Bertelkamp Automation in Major Cyber Attack

Incident Date:

September 18, 2024

Overview

Victim

Bertelkamp Automation

Attacker

Qilin

Location

Knoxville, Tennessee, USA

First Reported

September 18, 2024

Qilin Ransomware Group Targets Bertelkamp Automation

Bertelkamp Automation, a provider of industrial automation solutions based in Knoxville, Tennessee, has been listed as a victim by the Qilin ransomware group. The listing appeared on Qilin's dark web leak site; it is the attacker's claim, and this page carries no confirmation from the company of what systems were affected or what data, if any, was taken. As with other Qilin listings, the concern is that the group exfiltrated data before encryption and will publish it if no payment is made.

About Bertelkamp Automation

Established in 1975, Bertelkamp Automation specializes in the wholesale distribution of industrial machinery and equipment. The company offers a wide range of automation technologies, including electromechanical and pneumatic automation equipment, advanced machine vision solutions, and material handling systems. Serving primarily the Southeastern United States, Bertelkamp Automation is known for its comprehensive engineering and product support services, which include consulting on system design and integration, as well as training courses for personnel.

Company Vulnerabilities

No specific weakness in Bertelkamp Automation's environment has been reported in connection with this incident. What follows is a general target profile, not a list of known flaws. An industrial automation distributor that also performs system design and integration for its clients holds engineering drawings, customer network details and contract data that a double-extortion group can threaten to publish, and its integration work implies connectivity with client environments, which raises the cost of downtime for both sides. That combination, rather than any reported vulnerability, is what makes companies in this segment attractive to groups like Qilin.

Attack Overview

The Qilin ransomware group, also tracked as Agenda, claimed responsibility for the attack on Bertelkamp Automation. The group operates under a Ransomware-as-a-Service (RaaS) model, supplying the encryptor and leak-site infrastructure to affiliates who carry out the intrusions. Qilin uses double extortion: affiliates exfiltrate data before encrypting the victim's systems, so that a victim who can restore from backups is still pressured to pay to prevent publication. The group has claimed more than 150 organizations across 25 countries, including healthcare and automotive victims.

Qilin Ransomware Group

Qilin's encryptor is written in Rust, which gives it builds for both Windows and Linux (including ESXi hosts) and complicates static analysis and signature-based detection compared with older C-family ransomware families. The group is believed to have links to Russian-speaking cybercriminals and has been active since July 2022. Its reported tradecraft follows the standard affiliate playbook: phishing for initial access, exploitation of vulnerable or exposed services for lateral movement, staging and exfiltration of data, and only then deployment of the encryptor. The leak site is used both to name victims and to publish stolen data when negotiations fail.

Potential Penetration Methods

No initial-access vector has been reported for this incident. Based on Qilin's documented operations, the plausible routes are phishing emails carrying malicious links or attachments, exploitation of unpatched or internet-exposed services, and abuse of weak remote-access controls such as accounts without multi-factor authentication. Once inside, affiliates can tailor the encryptor's configuration per victim, including a list of processes and services to terminate before encryption so that open file handles and backup or security software do not interfere, which is what allows the group to maximize disruption on a given network.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups and their victims. Given threat actors' sustained and lucrative success, ransomware has become the most widespread cyber threat to businesses and organizations today, and the one with the greatest financial and data-loss impact.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.