Ransomware Attack Disrupts CAM Tyre Trade Systems Operations

Incident Date: Sep 09, 2024

Attack Overview
Victim: CAM Tyre Trade Systems & Solutions
Industry: Software
Location: United Kingdom
Attacker: Qilin
First Reported: September 9, 2024

Ransomware Attack on CAM Tyre Trade Systems & Solutions by Qilin Group

CAM Tyre Trade Systems & Solutions, a prominent player in the tyre industry software sector, has recently fallen victim to a ransomware attack orchestrated by the Qilin group. The attack has significantly disrupted the company's operations, compromising critical data and systems.

About CAM Tyre Trade Systems & Solutions

CAM Tyre Trade Systems & Solutions, based in Dursley, Gloucestershire, England, specializes in providing comprehensive business management software tailored for the tyre industry. Their flagship product, CAMEO, integrates essential functionalities such as sales and ordering, stock control, integrated accounting, purchasing, pricing management, workshop scheduling, and customer/supplier management. The company supports over 70% of the UK tyre market, catering to manufacturers, wholesalers, and retailers.

What Makes CAM Stand Out

CAM's innovative solutions, such as the Online Tyre Catalogue (OTC) and Warehouse Management Solution (WMS), streamline operations and enhance efficiency within the tyre trade ecosystem. Their commitment to continuous innovation and customer support has established them as a leader in the industry. The company's ability to offer both onsite and cloud-based solutions via CAM CLOUD further enhances their accessibility and scalability.

Vulnerabilities and Attack Overview

The ransomware attack on CAM Tyre Trade Systems & Solutions highlights the vulnerabilities that even industry leaders face. The Qilin group, known for its sophisticated cyber attacks, likely gained initial access through phishing emails containing malicious links. Once inside, they employed lateral movement techniques to escalate privileges and exfiltrate sensitive data before encrypting critical files. The specifics of the ransom demand have not been disclosed, but the attack has undoubtedly caused significant operational disruptions.

About the Qilin Ransomware Group

Qilin, also known as Agenda, is a ransomware group that operates under a Ransomware-as-a-Service (RaaS) model. They have gained notoriety for their advanced techniques, including the use of Rust-based malware, which enhances their evasion capabilities. Qilin employs a double extortion strategy, threatening to release stolen data if the ransom is not paid. Their operations have targeted over 150 organizations in 25 countries, affecting various sectors including healthcare, education, and large enterprises.

Penetration Techniques

Qilin's penetration techniques involve phishing emails to gain initial access, followed by exploiting vulnerabilities to move laterally within the network. They customize their attacks to maximize disruption, often terminating specific processes and modifying file extensions. Their dark web presence serves as a platform for extortion and public shaming, pressuring victims into compliance.
