Cloak Ransomware Strikes Penn Veterinary Supply Inc
Cloak Ransomware Group Targets Penn Veterinary Supply Inc.
Penn Veterinary Supply Inc., a prominent player in the veterinary supply industry, has fallen victim to a ransomware attack orchestrated by the Cloak ransomware group. This incident highlights the growing threat of cyberattacks on the healthcare services sector, particularly targeting small to medium-sized businesses.
Company Profile and Industry Standing
Established in 1981 and headquartered in Lancaster, Pennsylvania, Penn Veterinary Supply Inc. is a family-owned distributor dedicated to serving veterinarians and veterinary practices. The company employs approximately 129 individuals and reported an annual revenue of $145 million. Penn Vet distinguishes itself through personalized service, offering a wide range of veterinary products and solutions tailored for independent veterinary hospitals. Their commitment to customer engagement, education, and technological innovation makes them a vital resource in the veterinary community.
Vulnerabilities and Attack Overview
The attack on Penn Veterinary Supply Inc. was first indicated on September 4, 2024, when Cloak partially revealed the victim's domain on their dark web leak site. By September 25, 2024, the full domain was disclosed, and sample screenshots along with compromised data were made available for download. The company's focus on technology, such as their "Schedule & Save" program and digital Safety Data Sheets, may have inadvertently exposed vulnerabilities that threat actors like Cloak could exploit.
Cloak Ransomware Group: Tactics and Distinction
Cloak ransomware emerged between late 2022 and early 2023, primarily targeting sectors like medical, real estate, and IT. The group is financially motivated, often purchasing initial access from Initial Access Brokers and leveraging compromised credentials obtained through info-stealers. Cloak employs double extortion tactics, encrypting files and threatening to leak stolen data. Their operations are characterized by a high ransom payment rate, with 21 out of 23 victims reportedly paying the ransom as of mid-2023.
Potential Penetration Methods
While the exact method of penetration into Penn Veterinary Supply's systems remains unclear, it is likely that Cloak utilized compromised employee credentials or exploited vulnerabilities in the company's digital infrastructure. The group's ability to exfiltrate and encrypt data using the infected machine's resources underscores the importance of effective cybersecurity measures.
Sources
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!