Ransomware Attack on A.L.P. Lighting Components by INC_RANSOM Compromises Data

Incident Date:

July 17, 2024

World map

Overview

Title

Ransomware Attack on A.L.P. Lighting Components by INC_RANSOM Compromises Data

Victim

A.L.P. Lighting Components

Attacker

Inc Ransom

Location

Niles, USA

Illinois, USA

First Reported

July 17, 2024

Ransomware Attack on A.L.P. Lighting Components by INC_RANSOM

Company Overview

A.L.P. Lighting Components, established in 1972, is a leading manufacturer and distributor of lighting components. Headquartered in Niles, Illinois, the company operates multiple manufacturing and distribution facilities across the United States and internationally, including locations in Michigan, Tennessee, Georgia, Monterrey (Mexico), and Birmingham (England). With approximately 137 employees, A.L.P. serves a global customer base of nearly 4,000 clients in 21 countries. The company is renowned for its innovative "360° Solutions" suite, which allows for collaboration with customers throughout the entire product lifecycle, from design and prototyping to tooling and manufacturing.

Attack Overview

On July 17, 2024, A.L.P. Lighting Components discovered that they had fallen victim to a ransomware attack orchestrated by the threat actor group known as INC_RANSOM. The attack targeted the company's website, alplighting.com, and compromised sensitive information. While the exact size of the data leak remains unknown, the incident has raised significant concerns about the security of the company's data and operational integrity. A.L.P. Lighting Components is currently investigating the full impact of the attack and working to restore their systems.

About INC_RANSOM

INC_RANSOM is a highly sophisticated cybercriminal group known for its targeted ransomware attacks on corporate and organizational networks. The group employs advanced techniques such as spear-phishing campaigns and exploiting vulnerabilities like CVE-2023-3519 in Citrix NetScaler. INC_RANSOM's attacks involve not only encrypting data but also stealing it and threatening to release it publicly, a tactic known as double extortion. Active since 2023, the group has targeted various industries, including healthcare, education, government entities, and technology companies.

Penetration and Vulnerabilities

The exact method by which INC_RANSOM penetrated A.L.P. Lighting Components' systems is still under investigation. However, the group is known for using both Commercial Off-The-Shelf (COTS) software and legitimate system tools for reconnaissance and lateral movement within a network. The attack on A.L.P. highlights the vulnerabilities that even well-established companies face in the evolving landscape of cyber threats. The incident underscores the importance of robust cybersecurity measures to defend against sophisticated ransomware attacks.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.