Ransomware Attack on Shamrock Trading Corporation

Incident Date: May 23, 2024

Overview

Victim: Shamrock Trading Association

Attacker: Embargo

Location: Overland Park, USA; Kansas, USA

First Reported: May 23, 2024

Victim Overview

Shamrock Trading Corporation, a transportation logistics company, was recently targeted by the ransomware group Embargo. The company, with 860 employees and an annual revenue of $396.9 million, offers services such as freight brokerage, carrier services, and supply chain solutions. Shamrock Trading Corporation has been recognized as one of the "Best Places to Work" and as one of Newsweek's top 100 "Most Loved Workplaces" in America.

Attack Overview

Embargo is a ransomware group known for its sophisticated tactics and the use of the Rust programming language in developing its ransomware. The group employs double extortion tactics, threatening to publicly release or sell stolen data if ransom demands are not met. Embargo ransomware utilizes ChaCha20 and Curve25519 for file encryption and appends a ".564ba1" extension to encrypted files.

Ransomware Group Details

Embargo ransomware stands out for its programming language choice, double extortion tactics, and similarities with other ransomware groups like ALPHV. The group's use of Rust makes the ransomware difficult to analyze or reverse-engineer, adding to the challenge of defending against it.

Company Vulnerabilities

Shamrock Trading Corporation's prominence in the transportation sector and its financial services offerings make it an attractive target for threat actors like Embargo. The company's large size, extensive operations, and valuable data make it vulnerable to ransomware attacks that can disrupt its business operations and compromise sensitive information.
