Ransomware Hits Structural & Steel Products by Hunters International
Incident Date:
October 10, 2024
Overview
Title
Ransomware Hits Structural & Steel Products by Hunters International
Victim
Structural and Steel Products
Attacker
Hunters International
Location
First Reported
October 10, 2024
Ransomware Attack on Structural & Steel Products Inc. by Hunters International
Structural & Steel Products Inc. (SSP), a prominent manufacturer based in Fort Worth, Texas, has fallen victim to a ransomware attack orchestrated by the notorious group Hunters International. SSP specializes in producing essential infrastructure components such as overhead sign structures, guardrails, crash cushions, lighting poles, and bridge decking, primarily for the highway construction sector. The company is known for its commitment to quality and compliance, conducting rigorous inspections to ensure all products meet customer specifications and industry standards.
Company Profile and Vulnerabilities
With a workforce of 201 to 500 employees, SSP plays a significant role in regional infrastructure development. The company's emphasis on quality assurance and engineering capabilities positions it as a reliable partner in the steel industry. However, its focus on critical infrastructure makes it an attractive target for ransomware groups like Hunters International. The attack highlights potential vulnerabilities in SSP's cybersecurity measures, which may have been exploited by the attackers to gain access to sensitive data.
Attack Overview
Hunters International claims to have compromised 558.8 GB of data, encompassing 510,337 files from SSP's systems. The group has threatened to release the stolen data within 1 to 2 days, putting the company's sensitive information at risk of public exposure. This attack underscores the critical threat level posed by Hunters International, which employs double extortion tactics to maximize leverage over its victims.
Hunters International: A Sophisticated Threat
Emerging in October 2023, Hunters International is a Ransomware-as-a-Service (RaaS) group that utilizes code from the defunct Hive ransomware operation. The group distinguishes itself through its adaptability, targeting both Windows and Linux environments, and employing advanced encryption techniques. Hunters International's modus operandi involves multi-stage operations, beginning with network reconnaissance and lateral movement before data exfiltration and encryption. The group likely penetrated SSP's systems through phishing campaigns or exploiting remote services, common tactics used to gain initial access.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.