Ransomware Hits 1 Source Design: Donutleaks Exposes Data Breach

Incident Date:

July 24, 2024

Overview

Victim

1 Source Design

Attacker

Donutleaks

Location

Wallaceburg, Canada

First Reported

July 24, 2024

Ransomware Attack on 1 Source Design by Donutleaks

Overview of 1 Source Design

1 Source Design Ltd, based in Wallaceburg, Ontario, is a prominent player in the tooling and mold-making industry. With nearly 35 years of experience, the company has grown from a modest eight-person shop into a global supplier of tooling solutions, particularly for the automotive sector. They specialize in plastic injection tooling and die casting, operating a state-of-the-art facility with advanced machinery and a workforce of over 45 skilled employees.

Details of the Ransomware Attack

The ransomware group Donutleaks has claimed responsibility for a cyberattack on 1 Source Design. The attackers, referring to their operation as "Jack-Designer-Sparrow," left a detailed note on the company's website, criticizing 1 Source Design for its reluctance to share information. They revealed the discovery of pirated software, serial numbers, and other illicit materials within the company's data. The attackers also highlighted the presence of secret files and clients from "prohibited" countries such as Russia and China, boasting about accessing 50GB of industrial design information.

About Donutleaks Ransomware Group

Donutleaks is a data extortion group known for double-extortion tactics: it both encrypts files and leaks stolen data. The group uses customized ransomware that scans for specific file extensions to encrypt and renames encrypted files with the ".d0nut" extension. It maintains a data storage site where visitors can browse and download stolen data. Donutleaks is also known for its theatrical approach, using interesting graphics, humor, and ASCII art in its ransom notes and on its data leak site.
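
The ".d0nut" rename behaviour described above gives defenders a simple signal to alert on. The following is an added example, not code from the original page or from any vendor: it flags any process that renames several files to that extension within a short window. The JSON-lines event schema, host names, paths, threshold and window are assumptions made for illustration.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

EXT = ".d0nut"  # encrypted-file extension reported for Donutleaks on this page

# Constructed sample file-rename events (hypothetical JSON-lines schema,
# not the output format of any real EDR or audit tool).
SAMPLE_LOG = """\
{"ts": "2024-07-24T10:00:01", "host": "cad-ws01", "pid": 4312, "src": "/srv/cad/mold_a.step", "dst": "/srv/cad/mold_a.step.d0nut"}
{"ts": "2024-07-24T10:00:02", "host": "cad-ws01", "pid": 4312, "src": "/srv/cad/mold_b.step", "dst": "/srv/cad/mold_b.step.d0nut"}
{"ts": "2024-07-24T10:00:04", "host": "cad-ws01", "pid": 4312, "src": "/srv/cad/die_c.iges", "dst": "/srv/cad/die_c.iges.D0NUT"}
{"ts": "2024-07-24T10:00:05", "host": "cad-ws02", "pid": 900, "src": "/home/u/notes.txt", "dst": "/home/u/notes.bak"}
{"ts": "2024-07-24T10:00:00", "host": "cad-ws03", "pid": 77, "src": "/data/a.dwg", "dst": "/data/a.dwg.d0nut"}
{"ts": "2024-07-24T10:05:00", "host": "cad-ws03", "pid": 77, "src": "/data/b.dwg", "dst": "/data/b.dwg.d0nut"}
{"ts": "2024-07-24T10:10:00", "host": "cad-ws03", "pid": 77, "src": "/data/c.dwg", "dst": "/data/c.dwg.d0nut"}
not json at all
"""

def detect_rename_bursts(log_text, threshold=3, window=timedelta(seconds=60)):
    """Return sorted (host, pid) pairs that renamed at least `threshold`
    files to EXT within `window`."""
    events = []
    for line in log_text.splitlines():
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # skip blank or malformed lines instead of aborting
    events.sort(key=lambda e: e["ts"])  # same-format ISO timestamps sort as text

    recent = defaultdict(deque)  # (host, pid) -> timestamps of matching renames
    flagged = set()
    for ev in events:
        src, dst = ev["src"].lower(), ev["dst"].lower()
        # Only count files that gain the extension; moving a file that
        # already ends in EXT is not a new encryption event.
        if not dst.endswith(EXT) or src.endswith(EXT):
            continue
        key = (ev["host"], ev["pid"])
        ts = datetime.fromisoformat(ev["ts"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop renames older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(key)
    return sorted(flagged)

if __name__ == "__main__":
    print(detect_rename_bursts(SAMPLE_LOG))
```

On the constructed sample, only the process on cad-ws01 is flagged: the renames on cad-ws03 are spread over ten minutes and fall below the burst threshold, which is the tuning trade-off to review before deploying a rule like this.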

Potential Vulnerabilities

1 Source Design's extensive use of advanced machinery and software in their operations may have made them a target for ransomware groups like Donutleaks. The presence of pirated software and serial numbers within their data suggests potential vulnerabilities in their cybersecurity practices. Additionally, their global network of partners and clients, including those from countries like China and Russia, may have exposed them to increased risks of cyberattacks.

Penetration of the Company's Systems

While the exact method of penetration is not disclosed, it is likely that Donutleaks exploited vulnerabilities in 1 Source Design's network security. The use of pirated software could have provided an entry point for the attackers. Additionally, the group's expertise in double-extortion tactics and customized ransomware indicates a sophisticated approach to breaching and compromising the company's systems.
