Medusa Ransomware Hits Automha Exposing 308GB of Data

Incident Date: Oct 22, 2024

Attack Overview
Victim: Automha
Industry: Manufacturing
Location: Italy
Attacker: Medusa
First Reported: October 22, 2024

Medusa Ransomware Group Targets Automha in Significant Cyber Attack

Automha, a leader in warehouse automation solutions, has become the latest victim of a ransomware attack orchestrated by the notorious Medusa group. The attack, which has compromised approximately 308.9 GB of sensitive data, underscores the growing threat of ransomware to the manufacturing sector.

About Automha

Founded in 1979 in Italy, Automha specializes in designing and manufacturing automated warehouse systems. The company operates globally, with significant manufacturing sites in Italy and China, and assembly facilities in North America. Automha's mission, "Automation Made Simple," reflects its commitment to streamlining complex warehouse operations through innovative solutions. The company employs around 230 people and reported an annual revenue of approximately 85 million euros, highlighting its position in the intralogistics market.

Attack Overview

The Medusa ransomware group claims to have breached Automha's systems, demanding a ransom of $150,000 to prevent the release of the stolen data. The attack was discovered on the same day as the payment deadline, October 30, leaving Automha with limited time to respond. This incident highlights the vulnerabilities faced by companies in the manufacturing sector, particularly those heavily reliant on digital infrastructure for operational efficiency.

Medusa Ransomware Group

Emerging in late 2022, Medusa has quickly gained notoriety for its aggressive ransomware campaigns across various sectors. Operating as a Ransomware-as-a-Service platform, Medusa allows affiliates to launch attacks using its sophisticated ransomware. The group is known for its ability to exfiltrate large volumes of data and its ruthless tactics, including public data leaks if ransoms are not paid. Medusa's ransomware is designed to disable recovery efforts, making it a formidable threat to organizations worldwide.

Potential Vulnerabilities

Automha's reliance on advanced automation technologies, which integrate mechanical, electrical, and IT components, may have presented an attractive target for Medusa. The complexity and interconnectedness of these systems can create vulnerabilities that threat actors exploit. As a company operating in over 40 nations, Automha's global presence and extensive digital infrastructure may have further exposed it to cyber threats.
