Ransomware Attack Disrupts Industrial Bolsera Operations
Incident Date:
July 24, 2024
Overview
Title
Ransomware Attack Disrupts Industrial Bolsera Operations
Victim
Industrial Bolsera
Attacker
Donutleaks
Location
First Reported
July 24, 2024
Ransomware Attack on Industrial Bolsera by Donutleaks
Overview of Industrial Bolsera
Industrial Bolsera, based in Caldes de Montbui, Barcelona, specializes in the design, manufacturing, and printing of paper bags and flexible packaging. The company is renowned for its expertise in flexography and gravure printing techniques, which are essential for producing high-quality, durable packaging products. Their focus on customization and sustainability has made them a preferred partner in the food and retail sectors. Industrial Bolsera employs between 50 and 249 individuals and reports an annual turnover ranging from 10 to 50 million euros.
Details of the Ransomware Attack
Industrial Bolsera has recently fallen victim to a ransomware attack orchestrated by the cybercriminal group Donutleaks. The attack has compromised the company's website, https://www.industrialbolsera.com/ca/index.htm, disrupting their operations. Despite their commitment to maintaining high standards in design, R&D, and manufacturing processes, this incident highlights vulnerabilities in their digital infrastructure.
About Donutleaks Ransomware Group
Donutleaks is a data extortion group first detected in August 2022. The group has been linked to several high-profile cyberattacks, including those on DESFA, Sheppard Robson, and Sando. Donutleaks uses customized ransomware for double-extortion attacks, encrypting files and leaking stolen data to extort victims. Their ransomware renames encrypted files with the ".d0nut" extension and avoids files containing specific strings like "Edge" and "Windows." The group maintains a data storage site with approximately 2.8 TB of stolen data from various victims.
Potential Vulnerabilities and Penetration Methods
The attack on Industrial Bolsera underscores the growing threat of ransomware attacks on businesses of all sizes and sectors. While the exact method of penetration remains unclear, common vulnerabilities include outdated software, weak passwords, and insufficient network security measures. Given Donutleaks' history, it is likely that the group exploited one or more of these vulnerabilities to gain access to Industrial Bolsera's systems.
Impact and Implications
The ransomware attack has significant implications for Industrial Bolsera, disrupting their operations and potentially compromising sensitive data. The incident serves as a stark reminder of the importance of robust cybersecurity measures, even for companies with a strong focus on quality and sustainability.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.