Widdop & Co Targeted by Rhysida Ransomware Attack

Incident Date: May 18, 2024

Overview

Victim: Widdop and Co.

Attacker: Rhysida

Location: Manchester, United Kingdom

First Reported: May 18, 2024

Ransomware Attack on Widdop & Co by Rhysida

Victim Overview

Widdop & Co, a leading UK-based giftware and home decor supplier, was targeted by the Rhysida ransomware group in a recent cyberattack. The company, established in 1883, offers a wide range of products for various occasions and events, with a strong focus on design, innovation, and quality. Widdop & Co stands out in the industry for its 140-year history, diverse product portfolio, and commitment to customer service.

Attack Overview

The attackers demanded a ransom of 10 BTC (approximately $670,000) from Widdop & Co after compromising sensitive information within the company's SQL databases. This data included details of suppliers, buyers, financial transactions, and proprietary algorithms related to discounts and profit margins. The attackers exfiltrated an undisclosed amount of data and made a sample of the leaked information available.

Rhysida Ransomware Group

The Rhysida ransomware group is known for its double extortion technique, stealing data before encrypting it and threatening to publish it on the dark web unless a ransom is paid. The group targets various sectors, including manufacturing, healthcare, education, and government, and primarily operates through phishing campaigns and network infiltration. Rhysida distinguishes itself by using the ChaCha20 encryption algorithm and generating ransom notes as PDF documents.

Company Vulnerabilities

Widdop & Co may have been targeted by threat actors due to its extensive network connections, including field-based territory managers and an export team serving over 75 countries. The company's reliance on digital systems for managing product information, financial data, and customer details could have made it susceptible to ransomware attacks. Additionally, the use of valid credentials and VPN connections for network access may have provided an entry point for the attackers.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.