The Underground Team Strikes: Ransomware Attack on Creative Business Interiors
Incident Date: May 4, 2024
Overview
Victim: Creative Business Interiors, Inc.
Attacker: Underground Team
Location:
First Reported: May 4, 2024
Ransomware Attack on Creative Business Interiors by Underground Team
Company Profile
Creative Business Interiors, Inc., established in 1991, is a prominent commercial interior design and construction firm based in Wisconsin. With showrooms in Milwaukee, Madison, and Green Bay, the company specializes in a range of services from interior design to installation, focusing on creating functional and aesthetically pleasing environments for businesses, government agencies, healthcare settings, and educational institutions. Their commitment to long-term relationships and a culture of professional growth makes them a standout in the industry.
Details of the Attack
The Underground Team, a known cybercriminal group, targeted Creative Business Interiors with a sophisticated ransomware attack, resulting in the exfiltration of 34.5 GB of sensitive data. This data included confidential agreements, employee personal information, financial documents, and project documentation. The breach not only exposed extensive confidential business and personal information but also posed a significant risk to the company’s operational and financial integrity.
Ransomware Group Profile
The group's ransomware is known to be a 64-bit GUI-based application that runs a series of commands to disrupt systems: deleting backups, modifying registry settings, and halting critical services such as MSSQLSERVER. It typically spreads through phishing emails containing malicious attachments or links, relying on the human element of security to get the encryption started.
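The three behaviours named above (backup deletion, registry changes, stopping MSSQLSERVER) are individually common in normal administration, so a defender gets more signal by correlating them per host within a short window. The following is an added example, not taken from the original page or from any vendor's tooling; the command-line patterns, host names and events are assumptions constructed for illustration, since the page does not list the exact commands.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed command-line forms for the behaviours in the profile (not from the page).
BEHAVIOURS = {
    "backup_deletion": re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows|wbadmin(\.exe)?\s+delete", re.I),
    "service_stop": re.compile(
        r"\b(net1?|sc)(\.exe)?\s+stop\s+\"?MSSQLSERVER\b", re.I),
    "registry_change": re.compile(r"\breg(\.exe)?\s+(add|delete)\b", re.I),
}
WINDOW = timedelta(minutes=5)

# Constructed process-creation events: (ISO timestamp, host, command line).
SAMPLE_EVENTS = [
    ("2024-01-15T02:10:01", "WS-014", "reg.exe add HKLM\\SOFTWARE\\Example /v Flag /d 1 /f"),
    ("2024-01-15T02:10:05", "WS-014", "vssadmin.exe delete shadows /all /quiet"),
    ("2024-01-15T02:10:09", "WS-014", "net.exe stop MSSQLSERVER /y"),
    ("2024-01-15T09:30:00", "DB-002", "net stop MSSQLSERVER"),  # lone maintenance stop
    ("2024-01-15T11:00:00", "WS-020", "reg add HKCU\\Software\\Example /v Theme /d dark /f"),
    ("2024-01-15T11:20:00", "WS-020", "vssadmin delete shadows /for=C: /oldest"),  # 20 min later
]

def classify(cmdline):
    """Return the set of behaviour names whose pattern matches the command line."""
    return {name for name, rx in BEHAVIOURS.items() if rx.search(cmdline)}

def correlate(events, min_distinct=2, window=WINDOW):
    """Alert when one host shows >= min_distinct behaviours inside one window."""
    per_host = defaultdict(list)
    for ts, host, cmd in events:
        for behaviour in classify(cmd):
            per_host[host].append((datetime.fromisoformat(ts), behaviour))
    alerts = []
    for host, hits in per_host.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            seen = {b for t, b in hits[i:] if t - start <= window}
            if len(seen) >= min_distinct:
                alerts.append({"host": host, "start": start.isoformat(),
                               "behaviours": sorted(seen)})
                break  # one alert per host is enough for triage
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

On the constructed events only WS-014 alerts; the lone service stop on DB-002 and the two widely spaced actions on WS-020 stay below the threshold.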
Vulnerabilities and Security Insights
The attack on Creative Business Interiors underscores typical vulnerabilities in businesses that may not have robust cybersecurity measures in place, especially against sophisticated social engineering attacks. The company’s significant data breach could have been precipitated by an employee inadvertently triggering the ransomware through a deceptive email, highlighting the need for advanced threat detection systems and employee cybersecurity training.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.