Cicada 3301 Strikes INDIBA Group in Major Ransomware Attack

Incident Date: Oct 18, 2024

Attack Overview
Victim: INDIBA Group
Industry: Healthcare Services
Location: Spain
Attacker: Cicada 3301
First Reported: October 18, 2024

Cicada 3301 Ransomware Attack on INDIBA Group: A Detailed Analysis

INDIBA Group, a leader in the healthcare services sector, has fallen victim to a ransomware attack orchestrated by the notorious Cicada 3301 group. This incident highlights the vulnerabilities faced by companies in the medical technology industry, particularly those with a global footprint and valuable data assets.

About INDIBA Group

Founded in 1983 and headquartered in Barcelona, Spain, INDIBA Group is renowned for its advanced radiofrequency and laser technologies. The company operates in over 60 countries, providing innovative solutions in aesthetics, rehabilitation, and sports medicine. INDIBA's flagship product, the INDIBA® ACTIV system, is celebrated for its non-invasive approach to enhancing tissue repair and regeneration. This technology is pivotal in sports physiotherapy and aesthetic applications, making INDIBA a versatile player in the medical technology landscape.

Attack Overview

The Cicada 3301 group claims to have exfiltrated 33 GB of sensitive data from INDIBA, including accounting records, financial details, and personal data of employees and clients. The breach also extends to multimedia files, technical documents, and information related to competitors and partners. This extensive data theft underscores the potential impact on INDIBA's operations and reputation. Cicada 3301 has leaked samples of the stolen data, demonstrating the severity of the breach.

About Cicada 3301

Cicada 3301 is a ransomware-as-a-service and data broker group that emerged in mid-2024. Unlike traditional ransomware groups, Cicada 3301 focuses on data exfiltration and long-term monetization. They employ a double-extortion model, threatening to release stolen data if demands are not met. The group is known for its sophisticated tactics, including the use of the Brutus botnet for initial access and ChaCha20 to encrypt victim data.

Potential Vulnerabilities

INDIBA's global operations and valuable data assets make it an attractive target for ransomware groups like Cicada 3301. The company's reliance on advanced technologies and extensive data collection could have exposed vulnerabilities in its cybersecurity defenses. Cicada 3301 likely exploited these weaknesses through phishing campaigns and by brute-forcing VPN credentials, gaining access to INDIBA's systems and exfiltrating critical data.
