Ransomware Breach at AmChar Wholesale by Cactus Group

Incident Date:

September 25, 2024

Overview

Title

Ransomware Breach at AmChar Wholesale by Cactus Group

Victim

AmChar Wholesale, Inc.

Attacker

Cactus

Location

Rochester, USA

New York, USA

First Reported

September 25, 2024

Ransomware Attack on AmChar Wholesale: A Detailed Analysis

AmChar Wholesale, Inc., a leading distributor in the firearms industry, has recently been targeted by the Cactus ransomware group. This attack has compromised sensitive data, posing significant risks to the company's operations and reputation.

About AmChar Wholesale

Founded in 1980 by Tony DiChario, AmChar Wholesale has established itself as a prominent distributor of firearms and related products, primarily serving law enforcement agencies and independent dealers across the United States. With a reputation for integrity and customer service, the company operates multiple distribution centers, including locations in Rochester, New York, Puerto Rico, Canada, Georgia, South Carolina, and North Carolina. AmChar's commitment to supporting local dealers and law enforcement has positioned it as a leading distributor of Glock law enforcement products.

Attack Overview

The Cactus ransomware group has claimed responsibility for the attack on AmChar Wholesale, exploiting vulnerabilities in the company's systems. The attack has resulted in the theft of a wide array of sensitive data, including personally identifiable information (PII), financial documents, database backups, employee personal documents, corporate data and contracts, customer information, and corporate correspondence. The attackers have made this data available on the dark web, further exacerbating the potential damage to AmChar's financial stability and stakeholder trust.

About the Cactus Ransomware Group

Identified in March 2023, the Cactus ransomware group has quickly become a notable player in the ransomware landscape. Known for its sophisticated tactics, Cactus employs a double-extortion model, encrypting data and threatening to leak stolen sensitive information if the ransom is not paid. The group primarily gains initial access to networks by exploiting known vulnerabilities in VPN devices and data analytics platforms. Cactus distinguishes itself by encrypting its own ransomware binary to evade antivirus detection, and by rapidly adapting its toolkit to newly disclosed vulnerabilities.

Potential Vulnerabilities

AmChar Wholesale's extensive operations and reliance on digital infrastructure may have made it vulnerable to such an attack. The company's broad geographical reach and significant data handling requirements could have provided multiple entry points for the ransomware group. The exploitation of VPN vulnerabilities, a common tactic of the Cactus group, may have facilitated the initial breach into AmChar's systems.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.