Modulkit Hit by Meow Ransomware: 3GB of Sensitive Data Stolen

Incident Date: Aug 27, 2024

Attack Overview
VICTIM
Modulkit 21
INDUSTRY
Manufacturing
LOCATION
Spain
ATTACKER
Meow
FIRST REPORTED
August 27, 2024

Ransomware Attack on Modulkit: Meow Ransomware Group Claims Responsibility

Modulkit, a prominent manufacturer of modular and custom wardrobes based in Manresa, Barcelona, has recently fallen victim to a ransomware attack orchestrated by the notorious Meow ransomware group. The attack has resulted in the exfiltration of over 3 GB of sensitive data, posing a significant threat to the company's operations and reputation.

Company Profile

Modulkit, officially registered as MODULKIT 21 SL, specializes in the design and manufacturing of modular furniture, with a particular focus on wardrobes. The company offers a diverse range of products, including sliding and hinged wardrobes, bespoke closet systems, and sanitary cabins. Modulkit is known for its innovative and customizable solutions, catering to both residential and commercial projects. The company operates primarily in the household and institutional furniture and kitchen cabinet manufacturing sector and is classified as a small to medium-sized enterprise (SME).

Attack Overview

The Meow ransomware group has claimed responsibility for the attack on Modulkit via their dark web leak site. The attackers have reportedly exfiltrated sensitive employee information, client details, scanned payment documents, personal data, technical drawings, and project designs. This breach not only threatens the security of Modulkit's clients and employees but also jeopardizes the company's reputation for high-quality, customizable furniture solutions.

About Meow Ransomware Group

Meow Ransomware emerged in late 2022 and has been associated with the Conti v2 ransomware variant. The group is known for targeting industries with sensitive data, such as healthcare and medical research. Meow Ransomware employs various infection methods, including phishing emails, exploit kits, Remote Desktop Protocol (RDP) vulnerabilities, and malvertising. Once a system is compromised, the ransomware encrypts files using a combination of the ChaCha20 and RSA-4096 algorithms. The group maintains a data leak site where they list victims who have not paid the ransom.

Penetration and Vulnerabilities

The exact method of penetration in the Modulkit attack is not publicly disclosed, but it is likely that the attackers exploited common vulnerabilities such as phishing emails or RDP vulnerabilities. Modulkit's focus on high-quality, customizable solutions and its extensive catalog of technical drawings and project designs make it an attractive target for ransomware groups seeking valuable data. The breach underscores the importance of stringent cybersecurity measures, particularly for SMEs in the manufacturing sector.

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

1
2
3
Let's get started
1
1
2
3
1
1
2
2
3
Back
Next
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.