RansomHub Strikes Markdom Plastic Products in Major Cyberattack

Incident Date: Sep 29, 2024

Attack Overview
Victim: Markdom Plastic Products Ltd
Industry: Manufacturing
Location: Canada
Attacker: RansomHub
First Reported: September 29, 2024

RansomHub Ransomware Attack on Markdom Plastic Products Ltd

Markdom Plastic Products Ltd, a prominent Canadian manufacturer specializing in plastic products for the automotive industry, has fallen victim to a ransomware attack orchestrated by the notorious RansomHub group. Established in 2006, Markdom has built a reputation for quality and innovation in Tier 1 injection molding and sub-assembly services. With a workforce of approximately 69 employees and an annual revenue of $16.7 million, the company is a significant player in its sector.

Company Profile and Industry Standing

Markdom Plastic Products Ltd is headquartered in Toronto, Ontario, and is recognized for its commitment to quality and customer satisfaction. The company serves the automotive industry and extends its expertise to consumer goods, showcasing its diverse capabilities. Markdom's focus on teamwork and collaboration has enabled it to maintain high levels of customer satisfaction and loyalty, making it a reliable supplier in a competitive market.

Attack Overview

The RansomHub ransomware group claims to have exfiltrated 160 GB of data from Markdom's systems. This attack highlights the vulnerabilities that even well-established companies face in the digital age. RansomHub, known for its aggressive affiliate model and double extortion tactics, has targeted Markdom to leverage sensitive data for ransom demands. The group's ability to encrypt large datasets quickly and target cross-platform systems makes it a formidable threat.

RansomHub's Distinctive Approach

RansomHub distinguishes itself through its use of intermittent encryption, which minimizes encryption time while maintaining impact. The group uses Curve25519 elliptic-curve cryptography to generate unique keys per victim, which secures its operations. RansomHub's modular architecture allows affiliates to update ransomware strains quickly, evading detection and enhancing their attack capabilities.
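
Intermittent encryption matters to defenders because a file in which only some blocks are encrypted can pass a whole-file entropy check. The following is an added example, not code from the original article or from Halcyon, that profiles entropy per chunk instead; the chunk size, threshold, function names, and sample data are assumptions constructed for illustration.

```python
import hashlib
import math

CHUNK = 4096   # analysis window in bytes (assumed value)
HIGH = 7.5     # bits/byte at which a chunk looks encrypted (assumed threshold)

def entropy(data: bytes) -> float:
    """Shannon entropy of data in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def classify(data: bytes, chunk: int = CHUNK) -> str:
    """Label a file by the share of its chunks that are high-entropy."""
    profile = [entropy(data[i:i + chunk]) for i in range(0, len(data), chunk)]
    if not profile:
        return "empty"
    ratio = sum(e >= HIGH for e in profile) / len(profile)
    if ratio == 0:
        return "plain"
    # Compressed formats are also high-entropy, so "full" alone is weak evidence;
    # a mix of high- and low-entropy chunks in a normally plain file type is the signal.
    return "full" if ratio > 0.9 else "intermittent"

def pseudo_ciphertext(n: int, seed: bytes) -> bytes:
    """Constructed stand-in for ciphertext: a SHA-256 counter stream."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(seed + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:n])

def sample_files(chunks: int = 16) -> dict:
    """Constructed samples: plain CSV, every 4th chunk replaced, all replaced."""
    text = (b"part_no,cavity,cycle_s,scrap\n" * 200)[:CHUNK]
    enc = [pseudo_ciphertext(CHUNK, bytes([i])) for i in range(chunks)]
    return {
        "plain": text * chunks,
        "partial": b"".join(enc[i] if i % 4 == 0 else text for i in range(chunks)),
        "full": b"".join(enc),
    }

if __name__ == "__main__":
    for name, blob in sample_files().items():
        print(f"{name:8} whole-file={entropy(blob):.2f} verdict={classify(blob)}")
```

The "partial" sample stays below the threshold when measured as a whole file, yet the per-chunk profile still flags it.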

Potential Vulnerabilities

Markdom's reliance on digital systems for its manufacturing processes may have exposed it to vulnerabilities exploited by RansomHub. The group's affiliates are known to use phishing campaigns, vulnerability exploitation, and password spraying to gain initial access. Once inside, they conduct network reconnaissance and privilege escalation before exfiltrating data and encrypting files. This sophisticated approach underscores the importance of comprehensive cybersecurity measures for companies like Markdom.
