Amco Metals Hit by Qilin Ransomware, 23GB Data Stolen

Incident Date: Aug 11, 2024

Attack Overview

Victim: Amco Metal Industrial Corporation
Industry: Manufacturing
Location: USA
Attacker: Qilin
First Reported: August 11, 2024

Qilin Ransomware Group Targets Amco Metal Industrial Corporation

Amco Metal Industrial Corporation, a prominent manufacturer and exporter based in Mumbai, India, has recently fallen victim to a ransomware attack orchestrated by the Qilin ransomware group. The attackers claim to have exfiltrated 23GB of sensitive data from the company's systems, marking a significant breach in the manufacturing sector.

About Amco Metal Industrial Corporation

Established in 1981, Amco Metal Industrial Corporation, commonly known as Amco Metals, specializes in producing a wide range of metal products, including stainless steel, carbon steel, and high nickel alloy pipes, tubes, fittings, flanges, and fasteners. The company is ISO 9001:2015 certified by TUV Nord India, ensuring adherence to international quality standards. Despite its relatively small size, employing between 11 and 25 people, Amco Metals has a strong global presence, exporting its products to over 100 countries.

What Makes Amco Metals Stand Out

Amco Metals is recognized for its commitment to quality, innovation, and environmental sustainability. The company utilizes advanced technologies in its production processes and emphasizes a customer-centric approach. Its state-of-the-art manufacturing facilities contribute to its reputation for reliability and performance in demanding operational environments. These factors make Amco Metals a trusted partner in various industries, including chemical, petrochemical, oil and gas, and food processing.

Vulnerabilities and Attack Overview

Despite its strong market position, Amco Metals' relatively small size and modest annual revenue, reported to be between ₹10 and ₹25 crore (approximately $1.2 to $3 million), may have made it an attractive target for ransomware groups like Qilin. The attackers claim to have infiltrated the company's systems and exfiltrated 23GB of sensitive data, underscoring the growing threat of ransomware attacks on industrial corporations.

About the Qilin Ransomware Group

The Qilin ransomware group, also known as Agenda, is a sophisticated Ransomware-as-a-Service (RaaS) operation believed to be of Russian origin. First appearing in October 2022, Qilin has targeted various organizations, including healthcare providers, automotive companies, and government agencies. The group uses advanced tactics, such as data exfiltration and double extortion, to pressure victims into paying ransoms. Qilin's adaptability and cross-platform capabilities make it a formidable threat in the cybersecurity landscape.

Penetration Tactics

While specific details of how Qilin penetrated Amco Metals' systems are not publicly available, the group is known for exploiting vulnerabilities in network security, using phishing attacks, and leveraging weak passwords to gain access. Once inside, they employ data exfiltration and encryption to maximize their leverage over the victim, often demanding substantial ransoms to restore access to the compromised data.
