SureWerx USA Targeted in Ransomware Attack by SpaceBears Group

Incident Date:

May 4, 2024

World map



SureWerx USA Targeted in Ransomware Attack by SpaceBears Group


Surewerx USA




Elgin, USA

Illinois, USA

First Reported

May 4, 2024

Ransomware Attack on SureWerx USA by SpaceBears Group

Company Profile

SureWerx USA, a subsidiary of the Canadian-based SureWerx, is a prominent supplier in the safety products and personal protective equipment (PPE) industry. Founded in 1957 and headquartered in Coquitlam, Canada, SureWerx USA specializes in providing professional-grade safety and equipment products for workers across various sectors including construction, industrial, safety, and automotive aftermarkets. The company boasts a workforce of 350 employees and generates an estimated annual revenue of $300 million. SureWerx USA stands out in its field due to its extensive product range and commitment to high standards, which are evident in its diverse offerings from brands like K1 Series, Due North, Pioneer, and NEOS.

Details of the Ransomware Attack

The ransomware group SpaceBears has recently claimed responsibility for an attack on SureWerx USA, as announced on their dark web leak site. This group, which has targeted various organizations globally, is known for its sophisticated ransomware tactics that not only encrypt the victim's data but also involve ransom demands for decryption keys. The exact details of the breach, including the date of the attack and the amount of ransom demanded, have not been disclosed publicly. However, the attack raises concerns about potential data loss and significant disruption to SureWerx USA’s operations.

Vulnerabilities and Security Insights

While the specific vulnerabilities exploited in the attack on SureWerx USA are not detailed, manufacturing firms like SureWerx are often targeted due to the valuable data they hold and their critical role in supply chains. Common entry points for ransomware include phishing attacks, compromised credentials, and unpatched systems. For a company that integrates technology deeply into its operations, maintaining rigorous cybersecurity measures is crucial to defend against such sophisticated threats.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.