SA.Global Targeted by Cactus Ransomware: A Deep Dive

Incident Date:

April 22, 2024

World map



SA.Global Targeted by Cactus Ransomware: A Deep Dive






Vancouver, Canada

, Canada

First Reported

April 22, 2024

Cactus Ransomware Targets SA.Global: A Detailed Analysis

Company Overview

SA.Global, established in 1990, is a leading Microsoft Partner specializing in industry-focused Microsoft Dynamics 365-based ERP, CRM, HCM, and business intelligence solutions. With a workforce of 874 employees and a LinkedIn following of 20,095, the company operates in 80 countries. Known for its operational excellence and financial performance, SA.Global has a strong reputation, having won the Microsoft Dynamics Partner of the Year Award 10 times. The company's estimated annual revenue stands at $205.4 million, with a revenue per employee ratio of approximately $205,436.

The company is distinguished by its 100% focus on Microsoft business applications, providing tailored solutions for professional services firms that ensure seamless integration within Microsoft 365. Their global service centers offer 24-hour expert support, emphasizing their commitment to digital transformation for global businesses.

Ransomware Attack Details

The Cactus ransomware group, known for its sophisticated cyberattacks, targeted The enterprise, compromising their systems and exfiltrating 41 GB of data. The attack did not specify a ransom demand, but the full publication of the leaked data has severely impacted the company's privacy and security, exposing potentially sensitive information.

Targeting and Vulnerabilities

The company's significant global presence and extensive client base make it an attractive target for cybercriminals. The nature of their business, involving large volumes of sensitive data related to enterprise resource planning and customer management, increases their vulnerability to ransomware attacks. Furthermore, their high dependency on digital platforms and the Microsoft ecosystem could have exposed specific vulnerabilities, making them susceptible to the sophisticated tactics employed by the Cactus group.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.