Qilin Ransomware Strikes Major Peruvian Sugar Producer

Incident Date: Jul 05, 2024

Attack Overview

Victim: Pomalca S.A.A.
Industry: Agriculture
Location: Peru
Attacker: Qilin
First Reported: July 5, 2024

Ransomware Attack on Pomalca S.A.A. by Qilin Group: An In-depth Analysis

Company Profile: Pomalca S.A.A.

Pomalca S.A.A., a stalwart in the Peruvian agricultural sector, specializes in the cultivation and processing of sugarcane. Founded in 1871, the company has grown to become one of the largest sugar producers in Peru. Pomalca stands out in its industry for integrating traditional farming with advanced industrial processes, including the production of sugar and by-products such as molasses and bagasse. These by-products are innovatively used to produce ethanol and bioenergy, showcasing the company's commitment to sustainability. The company's operations support the local economy by providing numerous jobs and also enhance the region's technological and infrastructural development.

Details of the Ransomware Attack

On July 8, 2024, Pomalca S.A.A. fell victim to a ransomware attack orchestrated by the Qilin ransomware group. The specifics regarding the extent of the data breach and the demands of the attackers remain undisclosed at this stage. However, the attack underscores the vulnerability of even those enterprises that are perceived as less likely targets for cybercriminal activities due to their industrial nature and geographical location.

Profile of the Qilin Ransomware Group

The Qilin group, also known as Agenda, is a Ransomware-as-a-Service (RaaS) provider with suspected Russian origins. Known for its sophisticated attack methodologies, Qilin has targeted a variety of sectors including healthcare, automotive, and government agencies since its emergence in late 2022. The group is named after a mythical Chinese creature, symbolizing its stealth and adaptability. Qilin's modus operandi typically involves data exfiltration followed by a double extortion scheme, where they threaten to release the stolen data unless a ransom is paid.

Potential Vulnerabilities and Entry Points

While the exact method of infiltration used by Qilin in the attack on Pomalca remains unclear, common entry points for such groups include phishing attacks, exploitation of unpatched software vulnerabilities, and compromised credentials. Given the scale of Pomalca’s operations and its significant digital footprint, multiple vectors could have been exploited. The integration of modern technology with traditional agricultural practices, although beneficial, also increases the attack surface, potentially exposing the company to cyber threats.
