RansomHub Ransomware Hits Major US Manufacturer All American Poly
RansomHub Ransomware Group Targets All American Poly in Major Cyber Attack
All American Poly, the largest privately-held blown film extrusion manufacturer in the United States, has fallen victim to a ransomware attack orchestrated by the notorious RansomHub group. The attackers claim to have exfiltrated 500 GB of sensitive data from the company, raising significant concerns about the impact on its operations and client relationships.
About All American Poly
Established in 1979, All American Poly has grown from a small family business into a leading player in the polyethylene extrusion industry. Headquartered in Piscataway, New Jersey, the company operates three manufacturing facilities and over twenty distribution centers across the country. With a workforce exceeding 400 employees, All American Poly extrudes more than 150 million pounds of polyethylene annually. The company specializes in producing a wide range of flexible packaging solutions, including bags, plastic sheeting, liners, and innovative films for various industries such as food and beverage, agriculture, and industrial sectors.
What Makes All American Poly Stand Out
All American Poly is renowned for its commitment to quality and efficiency in the packaging industry. Notable products include the Independence® shrink bundling film and the Unite® stretch hooder film, both recognized for their performance and cost-efficiency. The company emphasizes a customer-centric approach, focusing on building strong relationships with clients and providing tailored solutions to meet specific needs. Additionally, All American Poly is committed to sustainability practices, aiming to minimize waste and reduce its carbon footprint.
Vulnerabilities and Attack Overview
All American Poly's extensive network of manufacturing facilities and distribution centers presents multiple entry points for cyber attackers. The RansomHub group, known for its aggressive and adaptable affiliate model, likely exploited vulnerabilities in the company's systems. Common infection vectors used by RansomHub include phishing campaigns, vulnerability exploitation, and password spraying. The group is also known for leveraging zero-day vulnerabilities to gain initial access.
About RansomHub
RansomHub, a Ransomware-as-a-Service (RaaS) group, emerged in February 2024 and quickly established itself as a formidable player in the ransomware landscape. The group employs a double extortion strategy, encrypting victims' data and exfiltrating sensitive information to increase leverage in ransom demands. RansomHub's ransomware is optimized for speed and efficiency, capable of encrypting large datasets quickly while targeting cross-platform systems. The group has a reputation for being ruthless and efficient, combining encryption with advanced data exfiltration techniques.
Penetration and Impact
RansomHub's affiliates likely penetrated All American Poly's systems through a combination of phishing campaigns and exploitation of unpatched vulnerabilities. Once inside, they conducted network reconnaissance, escalated privileges, and exfiltrated data before encrypting files. The attack has significant implications for All American Poly, potentially disrupting operations and damaging client relationships. The exfiltration of 500 GB of data also raises concerns about the exposure of sensitive information.