Ransomware Attack by ArcusMedia Disrupts Freightliner of Grand Rapids & Kalamazoo

Incident Date: June 29, 2024

Overview

Title: Ransomware Attack by ArcusMedia Disrupts Freightliner of Grand Rapids & Kalamazoo

Victim: Freightliner of Grand Rapids & Kalamazoo

Attacker: Arcus Media

Location: Grand Rapids, USA; Michigan, USA

First Reported: June 29, 2024

Ransomware Attack on Freightliner of Grand Rapids & Kalamazoo by ArcusMedia

Overview of Freightliner of Grand Rapids & Kalamazoo

Freightliner of Grand Rapids & Kalamazoo is a leading commercial truck dealership and service center in Michigan. The company specializes in selling, servicing, and supporting Freightliner trucks, catering to individual truck owners, small businesses, and large commercial fleets. Renowned for their high-quality products and services, the dealership offers a wide range of new and used Freightliner trucks known for their durability, reliability, and advanced technology.

Besides truck sales, the dealership provides comprehensive maintenance and repair services. Their state-of-the-art service centers are staffed by certified technicians who use advanced diagnostic tools and genuine Freightliner parts to ensure top-notch repairs. The dealership also offers a variety of parts and accessories, along with financing and leasing options to help customers manage the cost of acquiring new or used trucks.

Details of the Ransomware Attack

On July 1, 2024, Freightliner of Grand Rapids & Kalamazoo was targeted by a ransomware attack executed by the ArcusMedia ransomware group. ArcusMedia publicly claimed responsibility for the attack via their dark web leak site. While the full extent of the data breach is still unknown, the incident has raised significant concerns about the security of the dealership's systems and the potential impact on their operations and customers.

About ArcusMedia Ransomware Group

ArcusMedia is a relatively new ransomware group active since May 2024. The group uses direct and double extortion methods, often gaining initial access through phishing emails. They deploy custom ransomware binaries and use obfuscation techniques to evade detection. ArcusMedia operates on a Ransomware-as-a-Service (RaaS) model, allowing other threat actors to use their malware in exchange for a share of the profits. The group has a unique affiliate program that requires new affiliates to be referred by trusted members and vetted before participation.

ArcusMedia has targeted various sectors, including government, banking and finance, construction, IT, manufacturing, healthcare, and education. Despite being new, the group has quickly established itself with distinct tactics, techniques, and procedures (TTPs).

Potential Vulnerabilities and Penetration Methods

Freightliner of Grand Rapids & Kalamazoo, like many organizations in the transportation sector, may have several vulnerabilities that could be exploited by threat actors like ArcusMedia. The use of phishing emails to gain initial access suggests that the dealership's employees could have been targeted with malicious attachments or links. Once inside the network, the attackers likely deployed custom ransomware binaries and used obfuscation techniques to avoid detection by security tools.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time tracking of ransomware attacks, groups and their victims. Given threat actors' overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.