Ransomware Attack on Grupo SASMET by Arcus Media
Incident Date: May 24, 2024
Overview
Title: Ransomware Attack on Grupo SASMET by Arcus Media
Victim: Grupo SASMET
Attacker: Arcus Media
Location:
First Reported: May 24, 2024
Victim Overview
Grupo SASMET, a Brazilian company operating in the manufacturing sector, was targeted by the Arcus Media ransomware group in May 2024. The company specializes in the production and distribution of metal products, such as steel pipes, fittings, and valves. Grupo SASMET also offers services related to metalworking and industrial maintenance. The company employs between 51 and 200 people and is registered under the name Saúde Ocupacional.
Arcus Media Ransomware Group
The Arcus Media ransomware group is a relatively new threat actor that has been active since May 2024. The group distinguishes itself by using direct and double extortion, relying on phishing emails for initial access, deploying custom ransomware binaries, and employing obfuscation techniques to evade detection.
Attack Details
Grupo SASMET was one of the 11 victims targeted by Arcus Media in a series of attacks. The group's tactics include phishing emails with malicious attachments, obfuscated scripts for payload execution, and privilege escalation using tools like Mimikatz. Grupo SASMET's vulnerabilities may have included weak email security measures, a lack of robust endpoint protection, and insufficient network segmentation.
How the Attack Occurred
Arcus Media likely gained access to Grupo SASMET's systems through a phishing email that contained a malicious attachment or link. Once inside the network, the group deployed its custom ransomware and used obfuscation techniques to evade detection. The attackers may have exploited vulnerabilities in the company's security infrastructure to establish persistence and escalate privileges.