Ransomware Attack on Prominent Singapore Retailer: Mr Bean Group Limited Under Siege

Incident Date:

May 4, 2024

World map



Ransomware Attack on Prominent Singapore Retailer: Mr Bean Group Limited Under Siege


Mr Bean Group Limited




Singapore, Singapore

, Singapore

First Reported

May 4, 2024

Ransomware Attack on Mr Bean Group Limited by SpaceBears

Company Profile: Mr Bean Group Limited

Mr Bean Group Limited, a prominent Singapore-based retailer, specializes in soybean-based food and drink products. Founded in 1995, the company has expanded significantly, operating over 76 outlets across Singapore and Asia. Known for its commitment to sustainability, Mr Bean utilizes a closed-loop system in its production processes, minimizing waste and reducing environmental impact.

Despite not disclosing specific revenue figures, the extensive network of outlets suggests that Mr Bean generates substantial revenue from its operations. The company's innovative approach to traditional nutritional values and customer-centric philosophy positions it as a leader in the retail sector.

Details of the Ransomware Attack

The ransomware group SpaceBears has recently claimed responsibility for an attack on Mr Bean Group Limited. SpaceBears, a relatively new player in the cyber threat landscape, has targeted various organizations worldwide. Their operations are characterized by sophisticated ransomware deployments demanding large ransoms for decryption keys. The group's clearnet presence in Moscow hints at a Russian origin, adding an international dimension to the threat.

Potential Vulnerabilities and Threat Entry

While specific details of the breach have not been disclosed, companies like Mr Bean with extensive digital and physical presences are often vulnerable to phishing attacks, inadequate firewall protections, and unpatched software vulnerabilities. These gaps can provide easy entry points for sophisticated cybercriminal groups such as SpaceBears.

The retail sector's reliance on digital transactions and data storage for customer information makes it a lucrative target for ransomware attacks, aiming to cripple operations and extract significant financial gains through ransom.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.