Qilin Ransomware Strikes Major Peruvian Sugar Producer

Incident Date: July 5, 2024

Overview

Victim: Pomalca S.A.A.

Attacker: Qilin

Location: Pomalca, Peru

First Reported: July 5, 2024

Ransomware Attack on Pomalca S.A.A. by Qilin Group: An In-depth Analysis

Company Profile: Pomalca S.A.A.

Pomalca S.A.A., a stalwart in the Peruvian agricultural sector, specializes in the cultivation and processing of sugarcane. Founded in 1871, the company has grown to become one of the largest sugar producers in Peru. Pomalca stands out in its industry due to its integration of traditional farming with advanced industrial processes, which includes the production of sugar and its by-products like molasses and bagasse. These by-products are innovatively used in producing ethanol and bioenergy, showcasing the company's commitment to sustainability. The company's operations not only support the local economy by providing numerous jobs but also enhance the region's technological and infrastructural development.

Details of the Ransomware Attack

On July 8, 2024, Pomalca S.A.A. fell victim to a ransomware attack orchestrated by the Qilin ransomware group. The specifics regarding the extent of the data breach and the demands of the attackers remain undisclosed at this stage. However, the attack underscores the vulnerability of even those enterprises that are perceived as less likely targets for cybercriminal activities due to their industrial nature and geographical location.

Profile of the Qilin Ransomware Group

The Qilin group, also known as Agenda, is a Ransomware-as-a-Service (RaaS) provider with suspected Russian origins. Known for its sophisticated attack methodologies, Qilin has targeted a variety of sectors including healthcare, automotive, and government agencies since its emergence in late 2022. The group is named after a mythical Chinese creature, symbolizing its stealth and adaptability. Qilin's modus operandi typically involves data exfiltration followed by a double extortion scheme, where they threaten to release the stolen data unless a ransom is paid.

Potential Vulnerabilities and Entry Points

While the exact method of infiltration used by Qilin in the attack on Pomalca remains unclear, common entry points for such groups include phishing attacks, exploitation of unpatched software vulnerabilities, and compromised credentials. Given the scale of Pomalca’s operations and its significant digital footprint, multiple vectors could have been exploited. The integration of modern technology with traditional agricultural practices, although beneficial, also increases the attack surface, potentially exposing the company to cyber threats.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.