Ransomware Attack on MRI by Hunters Exposes Sensitive Data and IT Vulnerabilities
Incident Date:
June 15, 2024
Overview
Title
Ransomware Attack on MRI by Hunters Exposes Sensitive Data and IT Vulnerabilities
Victim
Manufacturing Resources International, Inc. (MRI)
Attacker
Hunters International
Location
First Reported
June 15, 2024
Ransomware Attack on Manufacturing Resources International, Inc. by Hunters
Company Overview
Manufacturing Resources International, Inc. (MRI) is an Atlanta-based company specializing in the design and manufacture of high-performance outdoor and semi-outdoor digital LCD displays. Founded in 2004, MRI has established itself as a leader in the industry with a strong focus on advancing display technology. The company boasts 578 granted patents in the US and several foreign countries. MRI's standout feature is its commitment to delivering the highest performance in display brightness, contrast, and color saturation, guaranteed for 10 years. The company operates a global monitoring and support network to offer remote and on-site service for every display it deploys.
Attack Overview
Hunters, a ransomware group, has claimed responsibility for a cyberattack on MRI. The attack has resulted in the exfiltration of sensitive data, including financial documents, IT data, project information, and screenshots. MRI, with a revenue of $25 million and 392 employees, now faces significant challenges in managing the repercussions of this breach. The attack was disclosed on Hunters' dark web leak site, highlighting the group's focus on data theft rather than encryption.
About Hunters Ransomware Group
Hunters International emerged in the cyber landscape following the disruption of the Hive ransomware group. Unlike Hive, Hunters focuses on stealing data rather than encrypting it. The group has customized Hive's ransomware to enhance simplicity and efficiency, making it easier for operatives to use. Hunters targets a diverse range of sectors, including healthcare, automotive, manufacturing, logistics, financial, educational, and food industries. Their operations have been linked to Nigeria through domain registrations and email addresses associated with the group.
Vulnerabilities and Penetration
MRI's extensive use of advanced technology and global operations may have made it an attractive target for Hunters. The company's reliance on digital systems for monitoring and supporting its displays could have provided multiple entry points for the ransomware group. Additionally, the exfiltration of financial and project-related data suggests that Hunters may have exploited vulnerabilities in MRI's IT infrastructure to gain access to sensitive information.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.