Ransomware Attack Hits Leading Tunisian Plastics Firm ExcelPlast

Incident Date: September 16, 2024

Overview

Title: Ransomware Attack Hits Leading Tunisian Plastics Firm ExcelPlast

Victim: ExcelPlast Tunisie

Attacker: Orca

Location: Hammam Zriba, Tunisia

First Reported: September 16, 2024

Ransomware Attack on ExcelPlast Tunisie by ORCA Group

ExcelPlast Tunisie, a leading company in the plastic transformation industry in Tunisia, has recently fallen victim to a ransomware attack orchestrated by the notorious ORCA group. The attackers claim to have exfiltrated 20 GB of sensitive data, potentially compromising critical information about the company's operations and clients.

About ExcelPlast Tunisie

ExcelPlast Tunisie SA is a prominent company based in Hammam Zriba, Tunisia, specializing in the processing of plastics. The company is recognized as a pioneer in the manufacture of polypropylene and polyester strapping within the Maghreb region. Leveraging advanced European technology, ExcelPlast Tunisie focuses on performance, quality, and safety, making its products superior to traditional metallic strapping. The company employs between 100 and 249 individuals and generates approximately $14.7 million in revenue annually.

ExcelPlast Tunisie stands out in its industry due to its commitment to high-quality standards, customer satisfaction, and sustainable practices. The company adheres to strict environmental regulations and actively participates in community initiatives focused on health, education, and environmental preservation. Its products are not only popular within Tunisia but are also regularly exported to North African countries, Europe, the Middle East, and Sub-Saharan Africa.

Attack Overview

The ORCA ransomware group has claimed responsibility for the attack on ExcelPlast Tunisie via their dark web leak site. The attackers have reportedly exfiltrated 20 GB of data, which could include sensitive information about the company's operations, clients, and employees. The ransomware group is known for its double-extortion tactics, where they not only encrypt files but also threaten to publish stolen data if the ransom is not paid.

About ORCA Ransomware Group

The ORCA ransomware is a sophisticated malware variant that belongs to the ZEPPELIN family. It employs strong encryption techniques to lock files on infected systems, making recovery without the decryption key virtually impossible. The group is notorious for its double-extortion tactics, demanding ransom payments in Bitcoin and threatening to publish exfiltrated data if the ransom is not paid. The ransomware modifies file extensions to '.ORCA' followed by a unique ID for each victim and leaves a ransom note named `HOW_TO_RECOVER_DATA.hta` on the victim's desktop.
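
The two file-system indicators described above (the `.ORCA` extension followed by a victim ID, and the `HOW_TO_RECOVER_DATA.hta` note) can be hunted for in file-event telemetry. The following is an added example, not code from the original page: the pipe-delimited event format, the host names, the sample IDs, and the burst threshold are all constructed assumptions, and because the page does not give the ID format, the pattern accepts any alphanumeric suffix after `.ORCA`.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

NOTE_NAME = "HOW_TO_RECOVER_DATA.hta"  # ransom note name given on the page
# '.ORCA' followed by a per-victim ID. The ID format is not given on the page,
# so any run of letters, digits, '.' or '-' is accepted (assumption).
ORCA_EXT = re.compile(r"\.ORCA[.\-]?([0-9A-Za-z][0-9A-Za-z.\-]*)$")

# Constructed sample events: "ISO timestamp|host|action|path"
SAMPLE_EVENTS = r"""
2024-09-16T02:14:05|FS01|rename|D:\share\orders.xlsx.ORCA.1A2-B3C-4D5
2024-09-16T02:14:06|FS01|rename|D:\share\clients.db.ORCA.1A2-B3C-4D5
2024-09-16T02:14:09|FS01|rename|D:\share\hr\payroll.csv.ORCA.1A2-B3C-4D5
2024-09-16T02:15:30|FS01|create|C:\Users\admin\Desktop\HOW_TO_RECOVER_DATA.hta
2024-09-16T09:02:11|WS07|rename|C:\Users\lina\Documents\orca_whales.jpg
2024-09-16T09:40:00|WS09|rename|C:\tmp\sample.bin.ORCA.9Z9-Y8X-7W6
"""

def detect(lines, burst=3, window=timedelta(seconds=60)):
    """Return {host: {"note", "ids", "burst"}} for hosts showing an indicator."""
    renames = defaultdict(list)
    findings = defaultdict(lambda: {"note": False, "ids": set(), "burst": False})
    for line in lines:
        ts, host, action, path = line.split("|", 3)
        name = path.replace("\\", "/").rsplit("/", 1)[-1]
        if name.lower() == NOTE_NAME.lower():
            findings[host]["note"] = True
        m = ORCA_EXT.search(name)
        if m and action == "rename":
            findings[host]["ids"].add(m.group(1))
            renames[host].append(datetime.fromisoformat(ts))
    for host, times in renames.items():
        times.sort()
        # Sliding window: `burst` matching renames inside `window` suggests
        # active encryption rather than a single stray file.
        for i in range(len(times) - burst + 1):
            if times[i + burst - 1] - times[i] <= window:
                findings[host]["burst"] = True
                break
    return dict(findings)

if __name__ == "__main__":
    for host, f in detect(SAMPLE_EVENTS.strip().splitlines()).items():
        print(host, f)
```

A host that shows a rename burst together with the note, like `FS01` in the sample, is a candidate for immediate isolation; a single matching file, like the one on `WS09`, is a lead to triage.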

Potential Vulnerabilities

ExcelPlast Tunisie's commitment to innovation and performance, while a strength, may also expose it to vulnerabilities. The company's extensive use of advanced technology and its significant digital footprint could make it an attractive target for ransomware groups like ORCA. Additionally, the company's international operations and large workforce may present multiple entry points for cyber attackers.
