Ransomware Attack Disrupts Leading Safety Eyewear Manufacturer Eagle Safety

Incident Date: August 24, 2024

Overview

Victim: Eagle Safety Eyewear
Attacker: ElDorado
Location: Louisville, Kentucky, USA
First Reported: August 24, 2024

Ransomware Attack on Eagle Safety Eyewear by ElDorado Group

In a recent cyberattack, the ransomware group ElDorado has claimed responsibility for infiltrating Eagle Safety Eyewear, a prominent manufacturer of safety eyewear based in Louisville, Kentucky. The attack was announced on ElDorado's dark web leak site, where the group claimed to have exfiltrated 5 GB of sensitive data from the company.

About Eagle Safety Eyewear

Eagle Safety Eyewear specializes exclusively in the manufacturing, sale, and delivery of ANSI Z87.2-approved prescription and non-prescription safety eyewear. The company operates an in-house lab, producing nearly 7,000 pairs of glasses daily, and is recognized as one of the top ten independent labs in the United States. Their products cater to various industries, including construction, manufacturing, and utilities, ensuring compliance with safety standards through on-site fittings managed by licensed opticians.

Attack Overview

The ransomware attack on Eagle Safety Eyewear has significant implications for the company's operations and data security. ElDorado claims to have exfiltrated 5 GB of sensitive data, which could include proprietary information, customer data, and operational details. The breach underscores the growing threat of ransomware attacks on critical industry players, particularly those with substantial operational capacities and specialized services.

About ElDorado Ransomware Group

ElDorado is a relatively new ransomware group that emerged in early 2024. Operating as a Ransomware-as-a-Service (RaaS) platform, ElDorado's malware is written in Golang, allowing for cross-platform capabilities targeting both Windows and Linux systems, including VMware ESXi. The ransomware uses advanced encryption techniques, such as ChaCha20 for file encryption and RSA-OAEP for key encryption, and is designed to self-delete after execution to avoid detection.

Penetration and Vulnerabilities

While the exact method of penetration remains unclear, ElDorado's tactics typically involve exploiting vulnerabilities in network security, such as weak passwords, unpatched software, and inadequate network segmentation. The group's ability to encrypt files on shared networks using the SMB protocol and remove shadow volume copies on Windows systems further complicates recovery efforts. Eagle Safety Eyewear's significant operational capacity and reliance on in-house lab systems may have presented an attractive target for the ransomware group.
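The shadow-copy removal described above is one of the few behaviours in this report that defenders can alert on directly. The following is an added example, not part of the original report or of any vendor's tooling: it flags shadow-copy deletion in constructed Sysmon-style process-creation events. The page does not say which command ElDorado runs, so the patterns are generic Windows shadow-copy deletion command lines chosen as an assumption, and all host and user names are invented.

```python
import re

# Assumed generic patterns; the report does not name the command ElDorado uses.
PATTERNS = {
    "vssadmin_delete": re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b"),
    "wmic_shadowcopy_delete": re.compile(r"\bwmic(\.exe)?\s+.*\bshadowcopy\s+delete\b"),
    "powershell_win32_shadowcopy": re.compile(
        r"win32_shadowcopy.*(\.delete\(|remove-wmiobject|remove-ciminstance)"),
}

def normalize(cmdline):
    """Lowercase, drop quotes and cmd.exe carets, collapse runs of whitespace."""
    cleaned = cmdline.lower().translate(str.maketrans("", "", "\"'^"))
    return re.sub(r"\s+", " ", cleaned).strip()

def find_shadow_copy_deletion(events):
    """Return (host, user, rule) for each event whose command line matches a rule."""
    hits = []
    for ev in events:
        cmd = normalize(ev.get("CommandLine", ""))
        for rule, rx in PATTERNS.items():
            if rx.search(cmd):
                hits.append((ev.get("Computer", "?"), ev.get("User", "?"), rule))
                break  # one alert per event is enough
    return hits

# Constructed sample events (Sysmon Event ID 1 style fields), not real telemetry.
SAMPLE_EVENTS = [
    {"Computer": "LAB-WS01", "User": "CORP\\svc_backup",
     "CommandLine": 'cmd.exe /c "vssadmin.exe  Delete Shadows /all /quiet"'},
    {"Computer": "LAB-WS01", "User": "CORP\\alice",
     "CommandLine": "vssadmin list shadows"},            # benign inventory query
    {"Computer": "LAB-FS02", "User": "NT AUTHORITY\\SYSTEM",
     "CommandLine": 'powershell.exe -Command "Get-WmiObject Win32_ShadowCopy '
                    '| ForEach-Object { $_.Delete() }"'},
    {"Computer": "LAB-FS02", "User": "CORP\\bob",
     "CommandLine": "WMIC.exe shadowcopy delete /nointeractive"},
    {"Computer": "LAB-FS02", "User": "CORP\\bob",
     "CommandLine": "wmic shadowcopy list brief"},       # benign listing
]

if __name__ == "__main__":
    for host, user, rule in find_shadow_copy_deletion(SAMPLE_EVENTS):
        print(f"ALERT {rule}: host={host} user={user}")
```

Because shadow-copy deletion usually comes just before or during encryption, an alert like this is most useful when it triggers host isolation rather than only a ticket.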

Implications for Eagle Safety Eyewear

The ransomware attack on Eagle Safety Eyewear highlights the critical need for enhanced cybersecurity measures in the manufacturing sector. As a leader in the safety eyewear market, the company must now navigate the challenges posed by this breach, including potential data loss, operational disruptions, and reputational damage. The incident serves as a stark reminder of the evolving threat landscape and the importance of proactive cybersecurity strategies.
