Ransomware Hits Milano Promotional Services by 3AM Group

Incident Date: October 31, 2024


Overview

Title: Ransomware Hits Milano Promotional Services by 3AM Group
Victim: Milano Promotional Services
Attacker: 3AM
Location: Cinnaminson, USA; New Jersey, USA
First Reported: October 31, 2024

Ransomware Attack on Milano Promotional Services by 3AM Group

Milano Promotional Services (MPS), a family-owned business specializing in promotional services, has recently been targeted by the 3AM ransomware group. This attack has brought to light the vulnerabilities faced by small to medium-sized enterprises in the business services sector.

About Milano Promotional Services

Established in 2005, MPS operates from Riverton, New Jersey, and employs a small team of 2 to 10 individuals. The company focuses on enhancing the operational capabilities of small and medium-sized businesses through innovative promotional solutions. MPS is renowned for its expertise in coupon redemption, rebate processing, and fulfillment services. Their use of modern technology, such as QR code rebates and GS1 barcode generation, sets them apart in the industry. However, their reliance on digital processes may have made them susceptible to cyber threats.

Details of the Attack

The 3AM ransomware group infiltrated MPS's systems, encrypting critical data and demanding a ransom for its release. The attack disrupted MPS's operations, affecting their ability to provide seamless coupon processing and rebate fulfillment services. The attackers likely exploited vulnerabilities in MPS's digital infrastructure, which may have been inadequately protected against sophisticated cyber threats.

Profile of the 3AM Ransomware Group

3AM is a relatively new ransomware strain, known for its sophisticated methods and connections to other cybercriminal organizations. Written in Rust, the ransomware encrypts files and appends the extension `.threeamtime`. It is often used as a fallback option when other ransomware deployments, such as LockBit, fail. The group is linked to well-known ransomware entities like Conti and Royal, indicating a shared infrastructure and tactics. This adaptability and collaboration make 3AM a formidable threat in the cybersecurity landscape.
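
The `.threeamtime` extension described above gives defenders a simple detection handle. The following is an added example, not code from this site or from any vendor: it flags hosts where several files with that extension appear within a short window. The event format, host names, threshold and window are assumptions, and events are assumed to arrive in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

EXTENSION = ".threeamtime"  # extension this page attributes to 3AM

# Constructed sample events: timestamp, host, path of a newly written or renamed file.
SAMPLE_EVENTS = r"""
2024-10-31T03:00:01 fs01 D:\rebates\q3.xlsx.threeamtime
2024-10-31T03:00:02 fs01 D:\rebates\q4.xlsx.THREEAMTIME
2024-10-31T03:00:02 ws07 C:\Users\a\notes.txt
2024-10-31T03:00:04 fs01 D:\coupons\batch.csv.threeamtime
2024-10-31T03:00:05 fs01 D:\coupons\index.db.threeamtime
2024-10-31T03:05:00 ws07 C:\Users\a\sample.threeamtime
not a valid event line
"""

def parse_event(line):
    """Return (timestamp, host, path), or None for blank or malformed lines."""
    parts = line.strip().split(maxsplit=2)  # path may contain spaces
    if len(parts) != 3:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], parts[2]
    except ValueError:
        return None

def detect_bursts(text, threshold=3, window=timedelta(seconds=60)):
    """Map host -> time at which `threshold` matching files fell inside one window."""
    recent = defaultdict(deque)  # per-host timestamps of matching files
    alerts = {}
    for event in filter(None, map(parse_event, text.splitlines())):
        ts, host, path = event
        if not path.lower().endswith(EXTENSION):  # case-insensitive match
            continue
        hits = recent[host]
        hits.append(ts)
        while ts - hits[0] > window:  # drop hits older than the window
            hits.popleft()
        if len(hits) >= threshold and host not in alerts:
            alerts[host] = ts  # record only the first alert per host
    return alerts

if __name__ == "__main__":
    for host, when in detect_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: burst of {EXTENSION} files at {when.isoformat()}")
```

A single matching file, as on the constructed host `ws07`, stays below the default threshold, which keeps one-off copies of a sample from paging anyone while a mass-encryption burst still alerts within seconds.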

Potential Penetration Methods

The 3AM group may have penetrated MPS's systems through vulnerabilities in their digital processes or inadequate security measures. The ransomware is known to disrupt security and backup services, maximizing damage and hindering recovery efforts. MPS's reliance on digital solutions for coupon and rebate processing could have provided an entry point for the attackers.
