Ransomware Attack on Grupo Scanda by Cactus Ransomware Group
Incident Date: May 13, 2024
Overview
Title: Ransomware Attack on Grupo Scanda by Cactus Ransomware Group
Victim: Grupo Scanda S.A.
Attacker: Cactus
Location:
First Reported: May 13, 2024
Victim Overview
Grupo Scanda is a Mexican company with over 25 years of experience in providing IT services and consulting. It has a significant presence in the IT market, with 1,600 employees and annual revenue of $180 million. Grupo Scanda offers cutting-edge solutions and technologies to take businesses to the next level.
Attack Overview
The company fell victim to a severe cyberattack by the Cactus ransomware group, resulting in the compromise of its website. The attack exposed 387 gigabytes of data, potentially including sensitive information. This incident highlights the importance of robust cybersecurity measures to protect against such threats and safeguard data.
Ransomware Group Profile
The Cactus ransomware group, which operates as a ransomware-as-a-service (RaaS) operation, is known for exploiting vulnerabilities and leveraging malvertising lures for targeted attacks. The group employs unique encryption techniques to avoid detection and has been observed targeting organizations of all sizes across various industries.
How the Attack Happened
Cactus ransomware affiliates use custom scripts to disable security tools and distribute the ransomware. They exploit vulnerabilities like ZeroLogon (CVE-2020-1472) to gain access to domain controllers and escalate privileges. The group's tactics align with the MITRE ATT&CK Framework, demonstrating a sophisticated understanding of cyber threats.