Ransomware Attack on Donco & Sons: Meow Group Demands $24K

Incident Date: August 31, 2024

Overview

Title: Ransomware Attack on Donco & Sons: Meow Group Demands $24K

Victim: Donco and Sons Inc.

Attacker: Meow

Location: Anaheim, USA; California, USA

First Reported: August 31, 2024

Ransomware Attack on Donco & Sons Inc. by Meow Ransomware Group

Donco & Sons Inc., a family-owned company with over 40 years of experience in the sign and lighting industry, has recently fallen victim to a ransomware attack orchestrated by the notorious Meow ransomware group. This attack has significant implications for the company, which primarily serves the oil and retail sectors.

Company Profile

Based in Anaheim, California, Donco & Sons Inc. specializes in electrical contracting with a focus on signage and lighting solutions. The company operates across several counties, including Orange, Los Angeles, Riverside, San Bernardino, San Diego, Ventura, and Santa Barbara. With an estimated annual revenue of $10 million and a workforce of 20 to 49 employees, Donco & Sons is a well-established player in its niche market. Their expertise in the oil and retail sectors allows them to handle projects ranging from large-scale multi-site programs to smaller single-site projects.

Attack Overview

The Meow ransomware group has claimed responsibility for the attack on Donco & Sons Inc. via their dark web leak site. The attackers are demanding a ransom of $24,000 in exchange for access to over 230 GB of confidential data. The stolen data includes sensitive information such as employee data, client information, scanned payment documents, personal data (including dates of birth, social security numbers, and scans of personal documents), internal financial documents, contracts, agreements, certifications, project costings, and blueprints. This breach exposes deep insights into the company's operations, posing significant risks to their business and clients.

About Meow Ransomware Group

Meow Ransomware emerged in late 2022 and has been associated with the Conti v2 ransomware variant. The group is known for targeting industries with sensitive data, such as healthcare and medical research. They employ various infection methods, including phishing emails, exploit kits, Remote Desktop Protocol (RDP) vulnerabilities, and malvertising. Once a system is compromised, the ransomware encrypts files using a combination of the ChaCha20 and RSA-4096 algorithms. The group maintains a data leak site where they list victims who haven't paid the ransom, primarily targeting organizations in the United States.

Penetration and Vulnerabilities

While the exact method of penetration in the Donco & Sons attack is not publicly disclosed, it is likely that the Meow ransomware group exploited common vulnerabilities such as weak RDP configurations, unpatched software, or phishing attacks. The company's small to medium size may have contributed to its vulnerability, as smaller enterprises often lack the comprehensive cybersecurity measures that larger organizations implement.
