Ransomware Attack on Square One Coating Systems by Cicada3301

Incident Date: August 5, 2024

Overview

Victim: Square One Coating Systems, LLC

Attacker: Cicada 3301

Location: Oriskany, USA; New York, USA

First Reported: August 5, 2024

Square One Coating Systems, LLC, a prominent player in the metal finishing industry, has recently fallen victim to a ransomware attack orchestrated by the notorious group known as Cicada3301. This incident has compromised the company's systems and potentially exposed sensitive data, highlighting the growing threat of ransomware to businesses.

About Square One Coating Systems

Square One Coating Systems, headquartered in Oriskany, New York, specializes in advanced metal finishing solutions. The company offers a range of coating technologies designed to enhance the performance and durability of metal components. With over 100 years of combined experience, Square One is known for its technical expertise and commitment to quality. Their core offerings include Electroless Nickel plating, composite coatings, manganese phosphate, black oxide, zinc plating, and anodizing. The company is recognized for its quick turnaround times, often completing orders in three days or less without charging expediting fees.

Company Size and Industry Standing

Square One Coating Systems employs between 11 and 50 individuals and generates an estimated annual revenue of $5 million to $10 million. The company has been named one of the top finishing shops in North America by Products Finishing magazine, a testament to its operational excellence and quality standards.

Attack Overview

The ransomware attack on Square One Coating Systems was claimed by Cicada3301 via their dark web leak site. The cybercriminals have compromised the company's systems, potentially exposing sensitive data. Square One is currently assessing the extent of the damage and working to restore its operations while addressing the demands of the attackers.

About Cicada3301

Cicada3301 is a new threat actor group that emerged in June 2024. Unlike traditional ransomware groups, Cicada3301 operates as a data broker, focusing on stealing sensitive data and selling it on dark web marketplaces. This approach signifies a shift from conventional ransomware tactics to more sustained and long-term damage strategies. Cicada3301 pressures organizations by threatening to release stolen data, although their main intent is to profit from selling the data rather than extorting ransom payments directly from the victims.

Cicada 3301

To clarify, the name “Cicada 3301” was originally associated with an online puzzle that gained notoriety between 2012 and 2014. However, the name has since been appropriated by a separate and unrelated ransomware group, which has been the focus of recent reports, including ours.

Halcyon fully respects the legacy of the original “Cicada 3301” organization and recognizes their distinction from the activities of the ransomware group using the same name. Our reporting on the ransomware group is consistent with fair use, aiming to inform the public about cybersecurity threats. For those interested in the original “Cicada 3301” and their official stance on this matter, we encourage you to visit their statement here.

We appreciate your understanding as we strive to maintain clarity and accuracy in our reporting.

Potential Vulnerabilities

Square One Coating Systems, like many manufacturing companies, may have been targeted due to potential vulnerabilities in its cybersecurity infrastructure. Manufacturing companies often rely on legacy systems and may lack the cybersecurity measures needed to fend off sophisticated cyber threats. The attack by Cicada3301 underscores the importance of implementing comprehensive cybersecurity strategies to protect sensitive data and maintain operational integrity.
