Medusa Ransomware Hits Italian Firm TECHNOLOG S.r.l. in Major Breach
Medusa Ransomware Group Targets TECHNOLOG S.r.l. in Devastating Cyber Attack
TECHNOLOG S.r.l., an Italian company renowned for its integrated solutions in intralogistics and industrial automation, has become the latest victim of a ransomware attack orchestrated by the notorious Medusa group. The attack resulted in the exfiltration of 439.40 GB of sensitive data, and the group is demanding a $200,000 ransom with a payment deadline of September 23rd.
Company Profile
Founded in 1994, TECHNOLOG S.r.l. has established itself as a leader in providing advanced software and hardware solutions designed to enhance warehouse management and logistics operations. The company’s core product, a customizable Warehouse Management System (WMS) with an integrated Warehouse Control System (WCS), is pivotal in optimizing inventory control and streamlining processes. TECHNOLOG also offers consulting services, particularly in the maritime industry, and has expanded its operations internationally, including a subsidiary in Shanghai.
With a workforce in the 51-200 employee range and an estimated annual revenue of around €10 million, TECHNOLOG is a medium-sized enterprise that prides itself on innovation and efficiency. Its commitment to energy efficiency and compliance with the latest engineering practices has made it a standout player in its industry.
Attack Overview
The ransomware attack on TECHNOLOG S.r.l. was executed by the Medusa group, which has been active since late 2022. The attack led to a significant data breach, with Medusa providing samples of the stolen data to substantiate their claims. The compromised data includes sensitive information critical to TECHNOLOG’s operations, potentially impacting their clients and partners.
Medusa Ransomware Group
Medusa operates as a Ransomware-as-a-Service (RaaS) platform, allowing affiliates to use its ransomware to launch attacks. The group has gained notoriety for targeting various sectors, including education, healthcare, and government services. Medusa’s ransomware is designed to kill numerous applications and services to prevent detection and mitigation, and it disables shadow copies to thwart recovery efforts. The group’s demands often range from hundreds of thousands to millions of dollars.
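The two behaviours described above, mass service termination and shadow copy removal, can be hunted for in process-creation logs. The sketch below is an added example, not code from this article or from any vendor. The command patterns are widely documented Windows utilities rather than Medusa-specific strings taken from this page, and the host names, service names, window and threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Well-known Windows commands that remove or disable local recovery options.
RECOVERY_PATTERNS = [
    re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I),
    re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b", re.I),
    re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
    re.compile(r"\bwbadmin(\.exe)?\s+delete\s+catalog\b", re.I),
]
# Service stop / process kill commands: routine alone, suspicious in bursts.
STOP_PATTERN = re.compile(
    r"\b(net1?(\.exe)?\s+stop|sc(\.exe)?\s+stop|taskkill(\.exe)?\s+.*/im)\b", re.I)

# Constructed sample: (epoch seconds, host, process command line).
SAMPLE_EVENTS = [
    (1000, "wms-01", "net stop ExampleDbSvc /y"),
    (1003, "wms-01", "net stop ExampleBackupSvc /y"),
    (1005, "wms-01", "sc stop ExampleAvSvc"),
    (1008, "wms-01", "taskkill /f /im exampledb.exe"),
    (1010, "wms-01", "net stop ExampleMailSvc /y"),
    (1020, "wms-01", "vssadmin.exe delete shadows /all /quiet"),
    (2000, "admin-02", "net stop Spooler"),        # single admin action
    (2500, "admin-02", "vssadmin list shadows"),   # read-only query
]

def detect(events, window=60, threshold=5):
    """Return (host, rule, timestamp) alerts, in time order.

    recovery_inhibited: any single recovery-removal command.
    service_stop_burst: >= threshold stop/kill commands on one host
    within `window` seconds (reported once per host).
    """
    alerts = []
    recent = defaultdict(list)  # host -> timestamps of recent stop commands
    burst_reported = set()
    for ts, host, cmd in sorted(events):
        if any(p.search(cmd) for p in RECOVERY_PATTERNS):
            alerts.append((host, "recovery_inhibited", ts))
        if STOP_PATTERN.search(cmd):
            recent[host] = [t for t in recent[host] if ts - t <= window] + [ts]
            if len(recent[host]) >= threshold and host not in burst_reported:
                burst_reported.add(host)
                alerts.append((host, "service_stop_burst", ts))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

A burst of stop commands followed shortly by a recovery-removal command on the same host is a stronger signal than either alert alone and is worth correlating before encryption begins.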
Vulnerabilities and Penetration
While the specific vulnerabilities exploited in the TECHNOLOG attack are not publicly detailed, common entry points for ransomware attacks include phishing emails, unpatched software, and weak network security protocols. Given TECHNOLOG’s reliance on sophisticated software solutions and extensive data handling, any lapses in cybersecurity measures could have provided an entry point for Medusa’s ransomware.