Meow Ransomware Hits Diamcad: 120GB Data Stolen in Cyber Attack
Meow Ransomware Group Targets Diamcad in Major Cyber Attack
Diamcad, a prominent diamond company based in Antwerp, Belgium, has fallen victim to a ransomware attack orchestrated by the Meow ransomware group. The attackers claim to have exfiltrated over 120 GB of sensitive data from Diamcad, a company renowned for its expertise in diamond assessment, cutting, and polishing.
About Diamcad
Diamcad operates in the manufacturing sector, specifically within the diamond industry. Established in 1989, the company has over three decades of experience and employs approximately 33 full-time equivalents (FTEs). Diamcad reported an annual turnover of €48,091,756 as of its most recent financial statements. The company is headquartered in Antwerp's diamond district, a strategic location that underscores its prominence in the global diamond market.
Diamcad specializes in the assessment, cutting, and polishing of high-value diamonds. Their operations are characterized by the use of advanced optimization algorithms and cutting-edge laser sawing techniques. This blend of traditional craftsmanship and modern technology has enabled Diamcad to work on some of the world's most famous diamonds, including the Lesedi la Rona and the Queen of Kalahari.
Attack Overview
The Meow ransomware group has claimed responsibility for the attack on Diamcad via their dark web leak site. The group alleges that they have exfiltrated over 120 GB of sensitive data from Diamcad's systems. To substantiate their claims, Meow has posted sample screenshots of the stolen data, increasing the pressure on Diamcad to respond to the breach.
About Meow Ransomware Group
Meow Ransomware emerged in late 2022 and is associated with the Conti v2 ransomware variant. The group resurfaced in late 2023 and has been highly active in 2024. Meow Ransomware primarily targets industries with sensitive data, such as healthcare and medical research. The group employs various infection methods, including phishing emails, exploit kits, Remote Desktop Protocol (RDP) vulnerabilities, and malvertising.
Once a system is compromised, Meow Ransomware encrypts files using a combination of the ChaCha20 and RSA-4096 algorithms. The group leaves behind a ransom note named "readme.txt," instructing victims to contact them via email or Telegram to negotiate the ransom payment. Security researchers have identified the threat actors behind Meow Ransomware as the "Anti-Russian Extortion Group," likely due to their targeting of entities in response to the Russia-Ukraine war.
Potential Vulnerabilities
Diamcad's reliance on advanced technology and digital systems for diamond assessment and processing may have made them a target for ransomware groups like Meow. The company's significant turnover and high-value assets further increase its attractiveness to cybercriminals. The attack highlights the importance of stringent cybersecurity measures, especially for companies operating in high-stakes industries like diamond manufacturing.