Qilin Ransomware Strikes Portuguese IT Firm Luso Cuanza

Incident Date:

September 25, 2024

Overview

Title

Qilin Ransomware Strikes Portuguese IT Firm Luso Cuanza

Victim

Luso Cuanza

Attacker

Qilin

Location

Lisboa, Portugal

First Reported

September 25, 2024

Qilin Ransomware Group Targets Luso Cuanza in Sophisticated Cyber Attack

Luso Cuanza, a leading Portuguese IT company specializing in Computer-Aided Design (CAD) solutions, has recently fallen victim to a ransomware attack orchestrated by the notorious Qilin group. This incident highlights the growing threat of ransomware attacks on companies operating in the technology sector.

About Luso Cuanza

Established in 1991 and based in Lisbon, Luso Cuanza has built a reputation as a prominent provider of integrated IT solutions, particularly in the realm of CAD for civil engineering and architectural design. The company serves over 600 clients, including major corporations and government institutions, and is recognized for its strategic partnerships with technology giants like Autodesk, HP, and Microsoft. Despite its relatively small workforce of approximately 19 employees, Luso Cuanza has consistently been acknowledged for its excellence as an Autodesk reseller.

Attack Overview

The Qilin ransomware group, known for its sophisticated cyber attacks, has claimed responsibility for the breach. The attackers reportedly gained access to Luso Cuanza's systems, potentially compromising sensitive data and disrupting business operations. The attack underscores the vulnerabilities faced by companies in the IT sector, particularly those with extensive digital assets and client data.

Qilin Ransomware Group

Qilin, also known as Agenda, operates under a Ransomware-as-a-Service (RaaS) model, providing affiliates with tools to conduct ransomware operations. The group distinguishes itself through its use of Rust-based malware, which enhances its evasion capabilities and allows for attacks across multiple operating systems. Qilin employs a double extortion strategy, encrypting data and threatening to release it if ransoms are not paid. Their operations have targeted over 150 organizations globally, affecting sectors such as healthcare and education.

Potential Vulnerabilities

Luso Cuanza's extensive digital infrastructure and reliance on partnerships with major technology firms may have made it an attractive target for Qilin. The company's focus on CAD solutions and its role as an Autodesk reseller suggest a wealth of valuable data that could be exploited by cybercriminals. The attack highlights the importance of effective cybersecurity measures, particularly for companies handling sensitive client information.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time tracking of ransomware attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.