Dunlop Aircraft Tyres Hit by Major Ransomware Attack from Cloak Group
Ransomware Attack on Dunlop Aircraft Tyres by Cloak Group
Dunlop Aircraft Tyres, a leading manufacturer and retreader of aircraft tires, has been targeted by the ransomware group Cloak. The attack, discovered on August 22, 2024, resulted in a significant data breach, compromising 102GB of sensitive information. This incident highlights the increasing threat of ransomware to critical industries.
About Dunlop Aircraft Tyres
Based in Birmingham, UK, Dunlop Aircraft Tyres is the world's only specialist manufacturer and retreader of aircraft tires. Established in 1910, the company became an independent entity in 1996 and serves both civil and military markets. With a workforce of approximately 182 employees and an annual revenue of $63.7 million, Dunlop is recognized for its high-quality, reliable tires that meet rigorous aviation standards. The company operates globally, with facilities in North America and China, and supplies tires for over 300 different aircraft types.
Attack Overview
The ransomware attack on Dunlop Aircraft Tyres was orchestrated by the Cloak group, a relatively new threat actor that emerged between late 2022 and early 2023. The breach resulted in the exfiltration and encryption of 102GB of data, potentially impacting the company's operations and its global clientele. The attack underscores the vulnerability of manufacturing sectors to ransomware threats.
About Cloak Ransomware Group
Cloak is a financially motivated ransomware group known for its double extortion tactics. They encrypt files and threaten to leak stolen data on their dark web leak site. Cloak primarily targets sectors such as medical, real estate, construction, IT, food industry, and manufacturing, with a focus on Europe. The group often purchases initial access from Initial Access Brokers and uses compromised employee credentials obtained through info-stealers like Lumma, Aurora, and Redline.
Penetration and Impact
Cloak likely penetrated Dunlop Aircraft Tyres' systems by leveraging compromised credentials or purchasing access from underground marketplaces. The ransomware uses the infected machine's resources to exfiltrate and encrypt data, renaming encrypted files with extensions such as .crYptA through .crYptE. The high payment rate of 91-96% among Cloak's victims indicates the effectiveness of their extortion tactics.
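The renaming behaviour described above gives defenders a simple signal to watch for. The following is an added example, not code from the original article or from any vendor: it scans file-rename events for the listed extensions and flags hosts where several such renames occur within a short window. The log line format, host names, paths, window and threshold are all assumptions, and reading the extension range as the suffix letters A through E is an interpretation of the article's wording.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Extensions the article attributes to Cloak (.crYptA through .crYptE).
# Treating the suffix as the letters A-E is an assumption; the match is case-sensitive.
CLOAK_EXT = re.compile(r"\.crYpt[A-E]$")
# Hypothetical rename-event format, not taken from any specific product.
EVENT = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) rename src=(?P<src>.+?) dst=(?P<dst>.+)$")

# Constructed sample events for illustration only.
SAMPLE_LOG = """\
2024-01-01T03:14:01Z host=FS01 rename src=/share/q1.xlsx dst=/share/q1.xlsx.crYptA
2024-01-01T03:14:02Z host=FS01 rename src=/share/plan.docx dst=/share/plan.docx.crYptB
2024-01-01T03:14:05Z host=FS01 rename src=/share/cad.dwg dst=/share/cad.dwg.crYptE
2024-01-01T03:15:40Z host=WS07 rename src=/tmp/a.txt dst=/tmp/a.txt.crYptA
2024-01-01T03:16:00Z host=WS07 rename src=/tmp/b.txt dst=/tmp/b.bak
2024-01-01T03:16:10Z host=WS09 rename src=/tmp/k.txt dst=/tmp/k.txt.cryptA
not a rename event
"""

def parse_matches(log_text):
    """Return (timestamp, host, dst) for renames whose new name ends in a listed extension."""
    hits = []
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if m and CLOAK_EXT.search(m["dst"]):
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            hits.append((ts, m["host"], m["dst"]))
    return hits

def burst_hosts(hits, window=timedelta(seconds=60), threshold=3):
    """Map host -> peak count of matching renames in any window, for hosts at or above threshold."""
    by_host = defaultdict(list)
    for ts, host, _ in hits:
        by_host[host].append(ts)
    peak = {}
    for host, times in by_host.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1  # slide the window forward
            peak[host] = max(peak.get(host, 0), end - start + 1)
    return {h: n for h, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    print(burst_hosts(parse_matches(SAMPLE_LOG)))
```

A single matching rename, as on WS07 in the sample, falls below the burst threshold but is still worth triage on its own.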
Conclusion
The ransomware attack on Dunlop Aircraft Tyres by the Cloak group serves as a stark reminder of the growing cybersecurity threats facing critical industries. The breach has compromised a significant amount of sensitive data, potentially affecting the company's operations and its global clientele.