Ransomware Attack on Leading Pakistani Logistics Firm AG&C

Incident Date:

August 1, 2024

Overview

Victim

Ali Gohar & Company Limited

Attacker

Medusa

Location

Karachi, Pakistan

First Reported

August 1, 2024

Ransomware Attack on Ali Gohar & Company Limited by Medusa Group

Ali Gohar & Company Limited (AG&C), a leading distribution and logistics firm based in Karachi, Pakistan, has fallen victim to a ransomware attack orchestrated by the Medusa ransomware group. The attackers claim to have exfiltrated 51.9 GB of sensitive data and have threatened to release it publicly within 11 to 12 days unless their demands are met.

Company Profile

Established in 1950, AG&C has over 60 years of experience in the supply chain sector. The company specializes in providing comprehensive distribution services, particularly in the pharmaceutical and healthcare industries. AG&C operates a vast network covering approximately 720 cities and towns across Pakistan, connecting manufacturers and consumers through state-of-the-art technology and equipment. The company employs between 1001 and 5000 individuals and is known for its innovative approach, including the use of advanced cold chain technology to manage temperature-sensitive products.

Attack Overview

The Medusa ransomware group has posted sample screenshots of the stolen data on their dark web portal to substantiate their claims. This breach poses a significant risk to AG&C's operations and reputation, highlighting the growing threat of ransomware attacks on critical supply chain entities. The temporary unavailability of AG&C's website further complicates the situation, limiting access to detailed information about the company's current status and response to the attack.

Medusa Ransomware Group

Medusa is a ransomware group that emerged in late 2022 and has gained notoriety for its aggressive tactics and high-profile attacks. Operating as a Ransomware-as-a-Service (RaaS) platform, Medusa allows affiliates to use its ransomware to launch attacks. The group has targeted various sectors globally, including education, healthcare, and government services. Medusa's ransomware is designed to kill numerous applications and services to prevent detection and mitigation, and it disables shadow copies to thwart recovery efforts.

Potential Vulnerabilities

AG&C's extensive network and reliance on state-of-the-art technology make it a lucrative target for ransomware groups like Medusa. The company's use of sophisticated Management Information Systems (MIS) and Quality Assurance protocols, while enhancing operational efficiency, also presents potential entry points for cyber attackers. The breach underscores the importance of cybersecurity measures to protect critical supply chain operations from increasingly sophisticated ransomware threats.
