Arcus Media Ransomware Attack on Duque Saldarriaga
Company Profile
Duque Saldarriaga y Cia S.A.S, operating under the brand Envases Duque, is a Colombian company specializing in the production and distribution of high-quality packaging solutions. Established in 1982, the company employs approximately 104 people and reported a net sales revenue increase of 2.28% in 2023. They offer a wide range of products, including plastic and glass containers, valves, and other packaging solutions for various industries such as food, beverages, pharmaceuticals, and cosmetics.
Attack Overview
Recently, the Arcus Media ransomware group claimed responsibility for an attack on Duque Saldarriaga and added the company to the list of victims on its dark web leak site. The attack has raised concerns about weaknesses in the company's cybersecurity measures, particularly given its use of advanced manufacturing techniques and state-of-the-art technology.
Ransomware Group Profile
Arcus Media is a relatively new ransomware group that has been active since May 2024. They employ direct and double extortion methods, using phishing emails to gain initial access and deploying custom ransomware binaries. The group operates on a Ransomware-as-a-Service (RaaS) model, allowing other threat actors to use their malware. They have a unique affiliate program requiring new affiliates to be referred and vetted.
Penetration and Impact
It is likely that Arcus Media penetrated Duque Saldarriaga's systems through phishing emails containing malicious attachments or links. Once inside, they deployed scripts to execute the ransomware payload, using obfuscation techniques to evade detection. The attack has potentially compromised sensitive data and disrupted the company's operations, highlighting the need for robust cybersecurity measures.