Ransomware Attack on MRI by Hunters Exposes Sensitive Data and IT Vulnerabilities

Incident Date:

June 15, 2024

World map

Overview

Title

Ransomware Attack on MRI by Hunters Exposes Sensitive Data and IT Vulnerabilities

Victim

Manufacturing Resources International, Inc. (MRI)

Attacker

Hunters International

Location

Alpharetta, USA

Georgia, USA

First Reported

June 15, 2024

Ransomware Attack on Manufacturing Resources International, Inc. by Hunters

Company Overview

Manufacturing Resources International, Inc. (MRI) is an Atlanta-based company specializing in the design and manufacture of high-performance outdoor and semi-outdoor digital LCD displays. Founded in 2004, MRI has established itself as a leader in the industry with a strong focus on advancing display technology. The company boasts 578 granted patents in the US and several foreign countries. MRI's standout feature is its commitment to delivering the highest performance in display brightness, contrast, and color saturation, guaranteed for 10 years. The company operates a global monitoring and support network to offer remote and on-site service for every display it deploys.

Attack Overview

Hunters, a ransomware group, has claimed responsibility for a cyberattack on MRI. The attack has resulted in the exfiltration of sensitive data, including financial documents, IT data, project information, and screenshots. MRI, with a revenue of $25 million and 392 employees, now faces significant challenges in managing the repercussions of this breach. The attack was disclosed on Hunters' dark web leak site, highlighting the group's focus on data theft rather than encryption.

About Hunters Ransomware Group

Hunters International emerged in the cyber landscape following the disruption of the Hive ransomware group. Unlike Hive, Hunters focuses on stealing data rather than encrypting it. The group has customized Hive's ransomware to enhance simplicity and efficiency, making it easier for operatives to use. Hunters targets a diverse range of sectors, including healthcare, automotive, manufacturing, logistics, financial, educational, and food industries. Their operations have been linked to Nigeria through domain registrations and email addresses associated with the group.

Vulnerabilities and Penetration

MRI's extensive use of advanced technology and global operations may have made it an attractive target for Hunters. The company's reliance on digital systems for monitoring and supporting its displays could have provided multiple entry points for the ransomware group. Additionally, the exfiltration of financial and project-related data suggests that Hunters may have exploited vulnerabilities in MRI's IT infrastructure to gain access to sensitive information.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.