Cactus Ransomware Hits Pomvom Picsolve in Major Data Breach

Incident Date: Oct 24, 2024

Attack Overview

Victim: Pomvom Picsolve
Industry: Hospitality
Location: USA
Attacker: Cactus
First Reported: October 24, 2024

Cactus Ransomware Group Targets Pomvom Picsolve in Major Cyberattack

Pomvom Picsolve, a leader in digital image capture and distribution solutions, has become the latest victim of a ransomware attack by the notorious Cactus group. This incident underscores the persistent threat ransomware groups pose to companies in the digital content and technology sectors.

Company Profile and Industry Standing

Established in 1994 as Rx Technology Europe Ltd., Picsolve rebranded in 2002 and has since become a significant player in the leisure and entertainment industry. The company specializes in ride photography, event photography, and innovative products like the Green Screen Experience. With operations in over 100 installations globally, Picsolve has been recognized for its cutting-edge technology and customer engagement strategies. Although Picsolve was dissolved in 2022, it merged with Pomvom, an AI specialist, enhancing its technological capabilities.

Details of the Ransomware Attack

The Cactus ransomware group claims to have infiltrated Pomvom Picsolve's systems, exfiltrating 620 GB of sensitive data. The compromised information includes personally identifiable information, database backups, corporate confidential data, customer data, contracts, and financial documents. This breach highlights the vulnerabilities companies face, particularly those integrating advanced technologies and digital services.

About the Cactus Ransomware Group

Identified in March 2023, the Cactus ransomware group has quickly gained notoriety for its sophisticated tactics. The group employs a double-extortion model, encrypting data and threatening to leak it if ransoms are not paid. Cactus distinguishes itself through its ability to exploit vulnerabilities in VPN devices and its use of advanced encryption techniques to evade detection. The group is known for its rapid adaptation to new vulnerabilities, making it a formidable threat in the cybersecurity landscape.

Potential Vulnerabilities and Attack Vector

Pomvom Picsolve's integration of AI and digital technologies may have presented an attractive target for the Cactus group. The ransomware group likely exploited vulnerabilities in VPN appliances or leveraged stolen credentials to gain initial access. Once inside, Cactus utilized sophisticated encryption and evasion techniques to maintain persistence and exfiltrate data, demonstrating the challenges companies face in securing their digital infrastructures.
