Ransomware Attack by Arcus Media Disrupts DatAnalítica's Operations

Incident Date:

June 29, 2024


Overview

Title

Ransomware Attack by Arcus Media Disrupts DatAnalítica's Operations

Victim

DatAnalítica

Attacker

Arcus Media

Location

Santo Domingo, Dominican Republic

First Reported

June 29, 2024

Ransomware Attack on DatAnalítica by Arcus Media

Overview of DatAnalítica

DatAnalítica is a privately held IT services and consulting company based in Santo Domingo, Dominican Republic. The company specializes in analytics and data-driven business consulting, using advanced analytics, big data and artificial intelligence to support its clients' decisions. With a team of 2-10 employees, it offers data collection, data processing, data visualization and predictive analytics, delivered as customized solutions for clients in industries including finance, healthcare, retail and manufacturing.

Attack Overview

DatAnalítica was listed as a victim on the Arcus Media dark web leak site. A leak-site listing is the group's own claim of responsibility, not independent confirmation: at the time of reporting, neither the intrusion method nor the volume of data taken had been verified from any other source. If the group followed its usual double-extortion model, the listing means data was exfiltrated and is now being used as leverage for payment, on top of whatever disruption the encryption itself caused to day-to-day operations.

Details of the Ransomware Group

Arcus Media is a relatively new ransomware group, active since May 2024. It uses direct and double extortion: data is exfiltrated before encryption, and the victim is threatened with publication as well as with loss of access. Reported initial access is through phishing emails. The group deploys custom ransomware binaries and uses obfuscation techniques to evade detection. It operates on a Ransomware-as-a-Service (RaaS) model, letting other threat actors use its malware in exchange for a share of the ransom, and its affiliate program is unusually closed: new affiliates must be referred by an existing trusted affiliate and vetted before they can participate.

Penetration of DatAnalítica's Systems

No technical details of this specific intrusion have been published, so the chain below is inferred from Arcus Media's reported tradecraft rather than from DatAnalítica's own forensics. Initial access most likely came through a phishing email carrying a malicious attachment or link. Once a foothold was established, the operators deployed a custom ransomware binary and launched it with a script, using obfuscation to slow analysis and detection. Persistence would typically be set up by creating scheduled tasks and adding registry Run keys, and privileges would be escalated with a credential-dumping tool such as Mimikatz, which reads credentials out of LSASS memory and lets the attackers move laterally to the systems holding client data. Each of those steps leaves artifacts a defender can look for: a process tree in which an Office application or mail client spawns a script host, schtasks.exe invocations or Run-key writes that point at user-writable paths, and a process other than a security tool opening lsass.exe with read access.

Vulnerabilities and Impact

Nothing on the public record suggests DatAnalítica had unusually weak controls; a phishing email followed by a credential dump is enough against most small companies, and a 2-10 person analytics consultancy rarely has a dedicated security function. The impact, however, reaches beyond the company itself: it processes client data from finance, healthcare, retail and manufacturing, so a double-extortion leak exposes third parties who may carry their own breach-notification obligations. The practical lessons are the usual ones for this tradecraft: sandboxing of attachments and blocking of macro and script execution launched from mail clients, phishing-resistant MFA so that dumped passwords are less useful on their own, Credential Guard or equivalent protection for LSASS, offline or immutable backups, and monitoring for the persistence and credential-access artifacts the chain leaves behind, so that the intrusion is caught before encryption rather than read about on a leak site.
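The artifacts named in the inferred attack chain above and the monitoring called for in this section can be turned into concrete detections. The following Python script is an added example written for this page; it is not code from Arcus Media, DatAnalítica or the RRA site. It runs four heuristics over Sysmon-style JSON-lines events (process creation, registry value set, and process access). The sample log, hostnames, paths and timestamps are constructed for illustration, and the access-mask and user-writable-path heuristics are assumptions chosen for readability rather than a tuned production rule set.

```python
"""Heuristic detections for the phishing, persistence and credential-theft
behaviours described above, run over Sysmon-style JSON-lines events.

Added example for this page, not code from any party it describes.
The sample log, hostnames, paths and thresholds are constructed/assumed."""
import json
import re
from collections import defaultdict

# Constructed sample log: seven Sysmon-like events on two hosts. Four on WS01
# form the inferred chain (Office -> PowerShell, schtasks persistence,
# Run-key persistence, LSASS read); the WS02 events are benign look-alikes.
SAMPLE_LOG = r"""
{"EventID":1,"Computer":"WS01","UtcTime":"2024-06-27 14:02:11","ParentImage":"C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE","Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","CommandLine":"powershell.exe -w hidden -enc SQBFAFgA"}
{"EventID":1,"Computer":"WS01","UtcTime":"2024-06-27 14:02:40","ParentImage":"C:\\Windows\\explorer.exe","Image":"C:\\Windows\\System32\\notepad.exe","CommandLine":"notepad.exe report.txt"}
{"EventID":1,"Computer":"WS01","UtcTime":"2024-06-27 14:03:05","ParentImage":"C:\\Windows\\System32\\cmd.exe","Image":"C:\\Windows\\System32\\schtasks.exe","CommandLine":"schtasks.exe /create /sc onlogon /tn Updater /tr C:\\Users\\ana\\AppData\\Local\\Temp\\svc.exe"}
{"EventID":1,"Computer":"WS02","UtcTime":"2024-06-27 14:03:30","ParentImage":"C:\\Windows\\System32\\msiexec.exe","Image":"C:\\Windows\\System32\\schtasks.exe","CommandLine":"schtasks.exe /create /sc daily /tn VendorBackup /tr \"C:\\Program Files\\Vendor\\backup.exe\""}
{"EventID":13,"Computer":"WS01","UtcTime":"2024-06-27 14:03:10","TargetObject":"HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater","Details":"C:\\Users\\ana\\AppData\\Local\\Temp\\svc.exe"}
{"EventID":10,"Computer":"WS01","UtcTime":"2024-06-27 14:05:00","SourceImage":"C:\\Users\\ana\\AppData\\Local\\Temp\\svc.exe","TargetImage":"C:\\Windows\\System32\\lsass.exe","GrantedAccess":"0x1010"}
{"EventID":10,"Computer":"WS02","UtcTime":"2024-06-27 14:05:30","SourceImage":"C:\\Windows\\System32\\Taskmgr.exe","TargetImage":"C:\\Windows\\System32\\lsass.exe","GrantedAccess":"0x1000"}
"""

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
# Assumption: a persistence target under a user profile, ProgramData or a
# Temp directory is far more suspicious than one under Program Files.
USER_WRITABLE_RE = re.compile(r"\\(Users\\[^\\]+|ProgramData|Temp)\\", re.IGNORECASE)
# PROCESS_VM_READ on lsass.exe is what credential dumpers need; Sysmon event 10
# records the granted mask as hex. Real deployments allow-list EDR/AV images.
PROCESS_VM_READ = 0x0010


def load_events(text):
    """Parse JSON-lines text into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def _base(image):
    """Lower-cased file name of an image path."""
    return image.rsplit("\\", 1)[-1].lower()


def classify(ev):
    """Return (technique, reason) if the event matches a heuristic, else None."""
    eid = ev.get("EventID")
    if eid == 1:  # process creation
        parent, child = _base(ev.get("ParentImage", "")), _base(ev.get("Image", ""))
        cmd = ev.get("CommandLine", "")
        if parent in OFFICE_PARENTS and child in SCRIPT_HOSTS:
            return ("initial-access/office-spawns-script-host", f"{parent} -> {child}: {cmd}")
        if child == "schtasks.exe" and "/create" in cmd.lower() and USER_WRITABLE_RE.search(cmd):
            return ("persistence/scheduled-task", f"task action in user-writable path: {cmd}")
    elif eid == 13:  # registry value set
        target = ev.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            return ("persistence/registry-run-key", f"{target} = {ev.get('Details', '')}")
    elif eid == 10:  # process access
        if _base(ev.get("TargetImage", "")) == "lsass.exe":
            granted = int(ev.get("GrantedAccess", "0x0"), 16)
            if granted & PROCESS_VM_READ:
                return ("credential-access/lsass-read",
                        f"{_base(ev.get('SourceImage', ''))} opened lsass.exe with {ev.get('GrantedAccess')}")
    return None


def detect(events):
    """Classify every event and group findings per host, preserving log order."""
    findings = defaultdict(list)
    for ev in events:
        hit = classify(ev)
        if hit:
            findings[ev.get("Computer", "?")].append(
                {"time": ev.get("UtcTime"), "technique": hit[0], "reason": hit[1]})
    return dict(findings)


if __name__ == "__main__":
    print(json.dumps(detect(load_events(SAMPLE_LOG)), indent=2))
```

Run on the constructed log, the script reports four findings on WS01, in the order the chain unfolded, and nothing on WS02: the vendor-installed task under Program Files and Task Manager's limited-information handle to lsass.exe are exactly the benign look-alikes that a cruder rule ("any schtasks /create", "any lsass.exe access") would page an analyst for. Grouping by host is deliberate: one Office-to-PowerShell event is worth a look, but the same host showing a Run key, a scheduled task and an LSASS read within minutes is the pattern to escalate before encryption starts.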

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.