Ransomware Attack by ArcusMedia Disrupts Freightliner of Grand Rapids & Kalamazoo

Incident Date: Jun 29, 2024

Attack Overview

VICTIM: Freightliner of Grand Rapids & Kalamazoo
INDUSTRY: Transportation
LOCATION: USA
ATTACKER: Arcus Media
FIRST REPORTED: June 29, 2024

Ransomware Attack on Freightliner of Grand Rapids & Kalamazoo by ArcusMedia

Overview of Freightliner of Grand Rapids & Kalamazoo

Freightliner of Grand Rapids & Kalamazoo is a leading commercial truck dealership and service center in Michigan. The company specializes in selling, servicing, and supporting Freightliner trucks, catering to individual truck owners, small businesses, and large commercial fleets. Renowned for their high-quality products and services, the dealership offers a wide range of new and used Freightliner trucks known for their durability, reliability, and advanced technology.

Besides truck sales, the dealership provides comprehensive maintenance and repair services. Their state-of-the-art service centers are staffed by certified technicians who use advanced diagnostic tools and genuine Freightliner parts to ensure top-notch repairs. The dealership also offers a variety of parts and accessories, along with financing and leasing options to help customers manage the cost of acquiring new or used trucks.

Details of the Ransomware Attack

On July 1, 2024, Freightliner of Grand Rapids & Kalamazoo was targeted by a ransomware attack executed by the ArcusMedia ransomware group. ArcusMedia publicly claimed responsibility for the attack via their dark web leak site. While the full extent of the data breach is still unknown, the incident has raised significant concerns about the security of the dealership's systems and the potential impact on their operations and customers.

About ArcusMedia Ransomware Group

ArcusMedia is a relatively new ransomware group active since May 2024. The group uses direct and double extortion methods, often gaining initial access through phishing emails. They deploy custom ransomware binaries and use obfuscation techniques to evade detection. ArcusMedia operates on a Ransomware-as-a-Service (RaaS) model, allowing other threat actors to use their malware in exchange for a share of the profits. The group has a unique affiliate program that requires new affiliates to be referred by trusted members and vetted before participation.

ArcusMedia has targeted various sectors, including government, banking and finance, construction, IT, manufacturing, healthcare, and education. Despite being new, the group has quickly established itself with distinct tactics, techniques, and procedures (TTPs).

Potential Vulnerabilities and Penetration Methods

Freightliner of Grand Rapids & Kalamazoo, like many organizations in the transportation sector, may have several vulnerabilities that could be exploited by threat actors like ArcusMedia. The use of phishing emails to gain initial access suggests that the dealership's employees could have been targeted with malicious attachments or links. Once inside the network, the attackers likely deployed custom ransomware binaries and used obfuscation techniques to avoid detection by security tools.
