Delaware's Largest Security Firm Hit by Cactus Ransomware Attack

Incident Date:

August 27, 2024


Overview

Title

Delaware's Largest Security Firm Hit by Cactus Ransomware Attack

Victim

Security Instrument Corp.

Attacker

Cactus

Location

Wilmington, Delaware, USA

First Reported

August 27, 2024

Ransomware Attack on Security Instrument Corp. by Cactus Ransomware Group

Security Instrument Corp., Delaware's largest independently owned security firm, has been listed as a victim by the Cactus ransomware group. The attackers claim to have infiltrated the company's systems and exfiltrated 141GB of sensitive organizational data; as with any leak-site posting, the figure is the group's own claim and has not been independently confirmed. The incident underscores the growing exposure of physical-security integrators, whose networks hold customer site plans, access-control configurations and monitoring data, to ransomware operations.

About Security Instrument Corp.

Established nearly 60 years ago, Security Instrument Corp. is a prominent security integration company based in Wilmington, Delaware. The firm provides a wide range of security products and services to both residential and commercial clients across Delaware, Maryland, New Jersey, and Pennsylvania. Their offerings include advanced electronic security solutions such as access control systems, video surveillance, intrusion detection, fire alarms, and life safety systems. The company serves a diverse clientele, including Fortune 500 companies, and emphasizes comprehensive support and monitoring services to ensure the effectiveness and reliability of their security installations.

Security Instrument Corp. stands out in the industry for its extensive experience, comprehensive service offerings, and dedication to enhancing safety and security for individuals and businesses alike. The company employs over 75 individuals and has reported an annual revenue of approximately $15.4 million. Their long-standing accreditation with the Better Business Bureau since 1967 further attests to their commitment to quality service and customer satisfaction.

Attack Overview

The Cactus ransomware group, first observed in March 2023, operates as a ransomware-as-a-service (RaaS) and is known for gaining initial access by exploiting vulnerabilities in internet-facing systems and by using malvertising lures. In the case of Security Instrument Corp., the attackers claim to hold 141GB of sensitive data and have published roughly 1% of it on their leak site as proof of the breach. The attack shows that even long-established firms in the security business are exposed to well-resourced ransomware operators.

About Cactus Ransomware Group

The Cactus ransomware group's tactics and techniques map onto the MITRE ATT&CK framework. A distinguishing trait of the operation is that the ransomware binary is itself stored encrypted and unpacks only at runtime, which hinders static detection; the operators also use custom scripts to disable security tools before distributing the encryptor. They have been observed exploiting the ZeroLogon vulnerability (CVE-2020-1472), a flaw in the Netlogon Remote Protocol that lets an unauthenticated attacker with network access to a domain controller reset the domain controller's machine account password and, from there, obtain domain administrator privileges. The group's intrusions typically involve creating multiple new accounts, escalating privileges, and moving laterally within the environment using RDP, scheduled tasks, and the Windows Management Instrumentation command-line utility (WMIC).
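The post-exploitation chain described above (a ZeroLogon-style machine account reset, new account creation, then scheduled tasks and remote WMIC execution) leaves a recognizable trail in Windows Security logs. The following is an added example of hunt logic over that trail; it is not code from the original page or from any Cactus report. The event records are constructed samples whose field names follow Windows Security log data fields (Event IDs 4742, 4720, 4698, 4688) but whose contents are made up, and the records are assumed to be in chronological order, so the correlation does not check timestamps.

```python
"""Hunt Windows Security events for Cactus-style post-exploitation activity.

Added example. EVENTS is a constructed sample, not real telemetry; the records
are assumed to be in chronological order.
"""
from collections import defaultdict

# Constructed sample events (not real telemetry).
EVENTS = [
    # 4742 (Computer Account Changed): DC machine account password reset by
    # ANONYMOUS LOGON is the classic sign of CVE-2020-1472 exploitation.
    {"EventID": 4742, "Computer": "DC01", "SubjectUserName": "ANONYMOUS LOGON",
     "TargetUserName": "DC01$", "PasswordLastSet": "2024-08-20 02:11:07"},
    # Benign: the machine rotates its own account password.
    {"EventID": 4742, "Computer": "DC01", "SubjectUserName": "DC01$",
     "TargetUserName": "DC01$", "PasswordLastSet": "2024-08-01 03:00:00"},
    # 4720 (User Account Created): a new account appears shortly after.
    {"EventID": 4720, "Computer": "DC01", "SubjectUserName": "administrator",
     "TargetUserName": "svc_backup2"},
    # 4698 (Scheduled Task Created) by the new account on a file server.
    {"EventID": 4698, "Computer": "FS01", "SubjectUserName": "svc_backup2",
     "TaskName": "\\Microsoft\\Windows\\Update", "Command": "C:\\ProgramData\\r.bat"},
    # 4688 (Process Created): remote WMIC execution from a workstation.
    {"EventID": 4688, "Computer": "WS12", "SubjectUserName": "svc_backup2",
     "NewProcessName": "C:\\Windows\\System32\\wbem\\WMIC.exe",
     "CommandLine": 'wmic /node:"FS01" process call create "cmd /c C:\\ProgramData\\r.bat"'},
    # Benign process creation.
    {"EventID": 4688, "Computer": "WS12", "SubjectUserName": "jsmith",
     "NewProcessName": "C:\\Windows\\System32\\notepad.exe", "CommandLine": "notepad.exe"},
]


def zerologon_indicators(events):
    """Return 4742 events where a machine account (name ends in '$') had its
    password changed by an unauthenticated ANONYMOUS LOGON subject."""
    return [e for e in events
            if e.get("EventID") == 4742
            and e.get("TargetUserName", "").endswith("$")
            and e.get("SubjectUserName", "").upper() == "ANONYMOUS LOGON"]


def new_accounts(events):
    """Return (creator, new_account) pairs from 4720 events."""
    return [(e["SubjectUserName"], e["TargetUserName"])
            for e in events if e.get("EventID") == 4720]


def is_remote_wmic(command_line):
    """True when a command line runs WMIC against a remote host (/node:)."""
    c = command_line.lower()
    return "wmic" in c and "/node:" in c


def lateral_movement_chain(events):
    """Map each newly created account to the scheduled tasks it created and the
    remote WMIC commands it ran, keyed by account name."""
    created = {target for _, target in new_accounts(events)}
    chain = defaultdict(list)
    for e in events:
        actor = e.get("SubjectUserName")
        if actor not in created:
            continue
        if e.get("EventID") == 4698:
            chain[actor].append((4698, e["Computer"], e["Command"]))
        elif e.get("EventID") == 4688 and is_remote_wmic(e.get("CommandLine", "")):
            chain[actor].append((4688, e["Computer"], e["CommandLine"]))
    return dict(chain)


def hosts_touched(chain):
    """Set of hosts on which the suspicious accounts were active."""
    return {host for hits in chain.values() for _, host, _ in hits}


if __name__ == "__main__":
    for hit in zerologon_indicators(EVENTS):
        print(f"[!] possible ZeroLogon: {hit['TargetUserName']} reset on {hit['Computer']}")
    chain = lateral_movement_chain(EVENTS)
    for account, hits in chain.items():
        print(f"[!] new account {account} active on {sorted(hosts_touched({account: hits}))}")
        for event_id, host, detail in hits:
            print(f"    {event_id} {host}: {detail}")
```

The ZeroLogon check is a heuristic, not proof: a 4742 with an anonymous subject on a machine account is highly unusual, but the definitive confirmation is the domain controller's own Netlogon events and a machine account whose password no longer matches the one held by the DC. The correlation step deliberately keys on accounts created during the same window, because Cactus-style intrusions lean on freshly minted accounts for task scheduling and WMIC rather than on the compromised administrator directly.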

The Cactus ransomware group's combination of vulnerability exploitation, defense evasion and hands-on-keyboard lateral movement makes it a significant threat in the ransomware landscape. Its attack on Security Instrument Corp. is a reminder that specializing in security services is no substitute for stringent cybersecurity controls on the firm's own network.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups and their victims. Given threat actors' lucrative success so far, ransomware has become the most ubiquitous, and the most financially and informationally damaging, cyber threat to businesses and organizations today.

The site's data is generated from the leak-site postings of real-world threat actors and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.