Significant Ransomware Attack on Verco Office Furniture Ltd by Cactus Group
Incident Date: July 16, 2024
Overview
Title: Significant Ransomware Attack on Verco Office Furniture Ltd by Cactus Group
Victim: Verco Office Furniture Ltd
Attacker: Cactus
Location:
First Reported: July 16, 2024
Ransomware Attack on Verco Office Furniture Ltd by Cactus Group
Overview of Verco Office Furniture Ltd
Verco Office Furniture Ltd, established in 1912, is a prominent British manufacturer and designer of high-quality office furniture. The company, headquartered in High Wycombe, Buckinghamshire, specializes in creating functional and stylish workspaces with a focus on employee well-being and productivity. Verco's product range includes chairs, desks, tables, and soft furnishings, catering to various office needs. The company operates globally, with a presence in the United States, Australia, and France, and delivers its products throughout the UK using its own fleet of vehicles.
Details of the Ransomware Attack
Verco Office Furniture Ltd has recently fallen victim to a ransomware attack orchestrated by the Cactus ransomware group. The attackers have exfiltrated a substantial 592GB of data, including corporate confidential data, contracts, engineering data, drawings, projects, and personal files of employees and executives. Financial documents, statements, and corporate correspondence have also been compromised. This breach poses significant risks to Verco's operations and reputation, given the sensitive nature of the data involved.
About the Cactus Ransomware Group
The Cactus ransomware group, first discovered in March 2023, operates as a ransomware-as-a-service (RaaS). The group is known for exploiting vulnerabilities and leveraging malvertising lures for targeted attacks. Cactus ransomware affiliates use custom scripts to disable security tools and distribute the ransomware, targeting organizations across various industries. The group employs unique encryption techniques to avoid detection, using a batch script to obtain the encryptor binary via 7-Zip and deploying it with an execution flag.
Penetration and Impact
Cactus ransomware's tactics align with the MITRE ATT&CK Framework, demonstrating a sophisticated understanding of cyber threats. The group has been observed exploiting the ZeroLogon vulnerability (CVE-2020-1472), which allows remote unauthenticated attackers to access domain controllers and obtain domain administrator access. The attackers create multiple accounts and add them to the Administrators group, enabling them to evade detection, escalate privileges, and remain persistent in the environment. The breach of Verco Office Furniture Ltd underscores the significant threat posed by Cactus ransomware in the cybersecurity landscape.
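One way to detect the account-creation pattern described above, added here as an example and not taken from the report or any vendor tooling: it pairs Windows Security event 4720 (account created) with the group-add events 4728/4732/4756 and flags an actor who puts several freshly created accounts into a privileged group within a short window. The record layout, account names, SIDs, window and threshold are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

CREATE = 4720                     # a user account was created
GROUP_ADD = {4728, 4732, 4756}    # member added to a global / local / universal security group
PRIV_GROUPS = {"Administrators", "Domain Admins", "Enterprise Admins"}

def ev(eid, t, actor, target, sid, member=None):
    # Constructed record; keys mirror the EventData field names of these events.
    return {"EventID": eid, "TimeCreated": datetime.fromisoformat(t),
            "SubjectUserName": actor, "TargetUserName": target,
            "TargetSid": sid, "MemberSid": member}

# Constructed sample data (not from the Verco incident); SIDs are shortened placeholders.
SAMPLE_EVENTS = [
    ev(4720, "2024-01-10T02:11:05", "svc_backup", "adm_tmp1", "S-1-5-21-X-1601"),
    ev(4732, "2024-01-10T02:11:40", "svc_backup", "Administrators", "S-1-5-32-544", "S-1-5-21-X-1601"),
    ev(4720, "2024-01-10T02:13:12", "svc_backup", "adm_tmp2", "S-1-5-21-X-1602"),
    ev(4728, "2024-01-10T02:13:30", "svc_backup", "Domain Admins", "S-1-5-21-X-512", "S-1-5-21-X-1602"),
    ev(4720, "2024-01-10T09:00:00", "helpdesk1", "j.smith", "S-1-5-21-X-1603"),
    ev(4728, "2024-01-10T09:01:00", "helpdesk1", "Sales", "S-1-5-21-X-2101", "S-1-5-21-X-1603"),
    # Existing account promoted: no matching 4720, so it is outside this rule.
    ev(4728, "2024-01-10T10:00:00", "it_admin", "Domain Admins", "S-1-5-21-X-512", "S-1-5-21-X-1100"),
]

def find_admin_account_bursts(events, window=timedelta(minutes=30), threshold=2):
    """Return {actor: [accounts]} for actors who added at least `threshold`
    freshly created accounts to a privileged group within `window`."""
    created = {}                  # new account SID -> (name, creation time)
    promoted = defaultdict(list)  # actor -> [(time, account name)]
    for e in sorted(events, key=lambda e: e["TimeCreated"]):
        if e["EventID"] == CREATE:
            created[e["TargetSid"]] = (e["TargetUserName"], e["TimeCreated"])
        elif e["EventID"] in GROUP_ADD and e["TargetUserName"] in PRIV_GROUPS:
            new = created.get(e["MemberSid"])
            if new and e["TimeCreated"] - new[1] <= window:
                promoted[e["SubjectUserName"]].append((e["TimeCreated"], new[0]))
    alerts = {}
    for actor, rows in promoted.items():
        for start, _ in rows:     # slide the window over each promotion time
            burst = sorted({n for t, n in rows if start <= t <= start + window})
            if len(burst) >= threshold:
                alerts[actor] = burst
                break
    return alerts

if __name__ == "__main__":
    for actor, accounts in find_admin_account_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT {actor} created and promoted: {', '.join(accounts)}")
```

The rule only sees these events when account-management and security-group-management auditing is enabled on the domain controllers and member servers being collected from.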