Ransomware Attack Exposes 250GB of Data at The Gill Corporation

Incident Date: July 29, 2024

Overview

Title: Ransomware Attack Exposes 250GB of Data at The Gill Corporation
Victim: The Gill Corporation
Attacker: Hunters International
Location: El Monte, USA; California, USA
First Reported: July 29, 2024

Ransomware Attack on The Gill Corporation by Hunters International

The Gill Corporation, a prominent manufacturer of high-performance composite materials for the aerospace and transportation industries, has been targeted by the ransomware group Hunters International. The attack, discovered on July 30, 2024, has resulted in a significant data breach, with a total leak size of 250.9GB.

Company Overview

Established in 1945, The Gill Corporation is renowned for its innovative approaches and advanced technologies in manufacturing composite materials. The company serves various sectors, including commercial and military aviation, automotive, and space exploration. With headquarters in El Monte, California, and additional facilities in Maryland, France, and the United Kingdom, The Gill Corporation reported an annual revenue of $271.5 million and employs approximately 333 people.

Attack Overview

The ransomware attack orchestrated by Hunters International has compromised highly sensitive information, including HR confidential files and upcoming information technology projects. The attackers have provided screenshots as proof of the breach, showcasing the extent of the data they have accessed. The leaked data includes 6,451 files amounting to 75GB and an additional 282 files totaling 338MB, all marked as strictly confidential. The Gill Corporation is currently assessing the full impact of the breach and working on measures to mitigate the damage and secure its systems.

About Hunters International

Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the notorious Hive ransomware group. The group exhibits significant technical overlap with Hive, suggesting an evolution or offshoot of the dismantled operation. Hunters International's ransomware code contains approximately 60% overlap with samples of Hive ransomware version 61, indicating a shared technical lineage. The group's primary objective is to exfiltrate target data and subsequently extort victims with a ransom demand in exchange for the return of the stolen data.

Penetration and Vulnerabilities

The exact method of penetration used by Hunters International to infiltrate The Gill Corporation's systems remains unclear. However, the group's techniques and operational strategies resemble those of the Hive ransomware, suggesting they may have exploited similar vulnerabilities. The Gill Corporation's extensive use of advanced technologies and its significant digital footprint could have made it an attractive target for ransomware attacks. The company's commitment to innovation and quality, while a strength, also necessitates robust cybersecurity measures to protect sensitive data and intellectual property.
