Ransomware Attack Disrupts Casco Antiguo's Operations
Incident Date:
August 6, 2024
Overview
Title
Ransomware Attack Disrupts Casco Antiguo's Operations
Victim
Casco Antiguo
Attacker
Hunters International
Location
First Reported
August 6, 2024
Ransomware Attack on Casco Antiguo by Hunters International
Casco Antiguo, a prominent online retailer specializing in scuba diving equipment, has recently fallen victim to a ransomware attack orchestrated by the Hunters International ransomware group. This incident has raised significant concerns about the security of the company's operations and the potential compromise of sensitive data.
About Casco Antiguo
Casco Antiguo, officially known as Casco Antiguo Comercial S.L., is a Spanish company dedicated to the manufacture, distribution, and sale of commercial, technical, and recreational diving equipment. The company operates primarily through its online platform, cascoantiguo.com, and caters to both recreational and professional diving markets. Their product range includes essential diving gear such as wetsuits, tanks, regulators, and advanced equipment like the DPV (Diver Propulsion Vehicle) XJ-T.
With a presence in multiple countries, including Colombia, Mexico, and Panama, Casco Antiguo serves a diverse customer base. The company also offers business accounts for wholesale customers, enhancing accessibility for dive shops and professionals who require regular supplies of diving gear.
Attack Overview
The ransomware attack on Casco Antiguo has likely disrupted their operations and could potentially compromise sensitive data. The company, which generates annual revenues between $10 million and $4 million, has been listed as a target by the cybercriminals. This attack poses significant challenges to their business continuity and reputation.
About Hunters International
Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the notorious Hive ransomware group. The group's ransomware code contains approximately 60% overlap with samples of Hive ransomware, indicating a shared technical lineage. Hunters International's primary objective is to exfiltrate target data and subsequently extort victims with a ransom demand in exchange for the return of the stolen data.
Investigations have revealed potential ties to Nigeria through domain registrations and email addresses associated with the group. However, the group is known to use fake identities and tricky methods to conceal their true origins, making it difficult to definitively determine their location and leadership.
Penetration and Impact
While the exact method of penetration into Casco Antiguo's systems is not publicly disclosed, it is likely that the group exploited vulnerabilities in the company's cybersecurity infrastructure. Given the technical overlap with Hive ransomware, Hunters International may have used similar encryption methods and tactics to infiltrate the company's network.
The attack has resulted in significant data breaches, financial losses, and reputational damage to Casco Antiguo. This incident underscores the importance of effective cybersecurity measures to protect against evolving threats posed by ransomware groups like Hunters International.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.