Ransomware Hits GALAB Labs: Cactus Group Steals Sensitive Data

Incident Date: October 1, 2024


Overview

Title: Ransomware Hits GALAB Labs: Cactus Group Steals Sensitive Data
Victim: GALAB Laboratories
Attacker: Cactus
Location: Hamburg, Germany
First Reported: October 1, 2024

Ransomware Attack on GALAB Laboratories by Cactus Group

GALAB Laboratories, a prominent analytical service provider based in Hamburg, Germany, has fallen victim to a ransomware attack orchestrated by the notorious Cactus ransomware group. This incident underscores the persistent threat posed by cybercriminals to organizations handling sensitive data.

About GALAB Laboratories

Founded in 1992, GALAB Laboratories GmbH specializes in analytical services and separation technology, primarily serving the healthcare, food, and biopharmaceutical industries. With approximately 250 employees, the company is renowned for its innovative approaches and proprietary tools like AffiSep, AffiSpin, and GlycoCleave. These tools enhance product quality and safety through rigorous analysis and testing. GALAB's commitment to quality assurance and continuous improvement has established it as a leader in its field, maintaining strong relationships with multinational clients.

Details of the Attack

The Cactus ransomware group claims to have breached GALAB's systems and exfiltrated around 120 GB of sensitive data. The stolen data reportedly includes database backups, corporate data, project drawings, and corporate correspondence. As of the first report, both the volume and the data categories rest on the group's own claim rather than on confirmation from GALAB. The breach illustrates the exposure of organizations like GALAB, which hold client analytical results and other critical information, and the need for comprehensive cybersecurity measures to protect against such threats.

About the Cactus Ransomware Group

First identified in March 2023, the Cactus ransomware group has quickly become a significant player in the ransomware landscape. Known for its double-extortion tactics, Cactus not only encrypts data but also threatens to leak sensitive information if the ransom is not paid. The group primarily exploits vulnerabilities in VPN devices and data analytics platforms to gain initial access. Cactus distinguishes itself through evasion techniques such as encrypting its own binary so that antivirus software cannot inspect it at rest.

Potential Vulnerabilities

GALAB Laboratories, like many organizations, may have been exposed through weaknesses in its cybersecurity infrastructure. The Cactus group is known for exploiting vulnerabilities in VPN appliances and for using phishing to gain access. The defensive lessons of the GALAB attack are therefore the familiar ones: keep internet-facing systems, VPN appliances in particular, patched against known vulnerabilities, and deploy threat detection capable of flagging the unusual activity that precedes ransomware deployment, such as the bulk outbound data transfers on which double extortion depends.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups and their victims. Given threat actors' lucrative success so far, ransomware has become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.