Ransomware Attack on Sichuan Dawei Technology Co., Ltd
Incident Date:
May 24, 2024
Overview
Title
Ransomware Attack on Sichuan Dawei Technology Co., Ltd
Victim
Sichuan Dawei Technology Co., Ltd
Attacker
Black Suit
Location
First Reported
May 24, 2024
Ransomware Attack on Sichuan Dawei Technology Co., Ltd by BlackSuit Ransomware Group
Company Overview
Sichuan Dawei Technology Co., Ltd, also known as Sichuan Dowell Science and Technology Co., Ltd, is a high-tech enterprise established in 2003. The company is a leading player in the domestic leather industry, specializing in the research, development, production, and sales of leather chemicals, including clean tanning materials, leather functional additives, finishing materials, and colorants.
Company Size and Standout
The attacked company has a production capacity of more than 200 kinds of products and is listed on the Growth Enterprise Market (GEM). The company stands out for its extensive product range and its position as a key enterprise in the domestic leather industry.
Attack Overview
Recently, Sichuan Dawei Technology Co., Ltd fell victim to a ransomware attack by the BlackSuit ransomware group. The attackers infiltrated the company's network, encrypting data and exfiltrating over 20GB of sensitive information. This included blueprints, 3D models, welding information, building project details, factory construction reports, and leather shredder machine development documents.
BlackSuit Ransomware Group
BlackSuit is a new ransomware family closely related to the notorious Royal ransomware group. The ransomware targets both Windows and Linux systems, including VMware ESXi servers. It appends the .blacksuit extension to encrypted files and drops a ransom note named README.BlackSuit.txt in each affected directory.
Company Vulnerabilities
The significant amount of sensitive information held by Sichuan Dawei Technology Co., Ltd, including intellectual property and operational details, made them an attractive target for threat actors. The company's reliance on digital systems and the interconnected nature of modern business operations also increased their vulnerability to cyber attacks.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.