Ransomware Attack on Casco Antiguo by Hunters International

Casco Antiguo, a prominent online retailer specializing in scuba diving equipment, has recently fallen victim to a ransomware attack orchestrated by the Hunters International ransomware group. This incident has raised significant concerns about the security of the company's operations and the potential compromise of sensitive data.

About Casco Antiguo

Casco Antiguo, officially known as Casco Antiguo Comercial S.L., is a Spanish company dedicated to the manufacture, distribution, and sale of commercial, technical, and recreational diving equipment. The company operates primarily through its online platform, cascoantiguo.com, and caters to both recreational and professional diving markets. Their product range includes essential diving gear such as wetsuits, tanks, regulators, and advanced equipment like the DPV (Diver Propulsion Vehicle) XJ-T.

With a presence in multiple countries, including Colombia, Mexico, and Panama, Casco Antiguo serves a diverse customer base. The company also offers business accounts for wholesale customers, enhancing accessibility for dive shops and professionals who require regular supplies of diving gear.

Attack Overview

The ransomware attack on Casco Antiguo has likely disrupted their operations and could potentially compromise sensitive data. The company, which generates annual revenues between $10 million and $4 million, has been listed as a target by the cybercriminals. This attack poses significant challenges to their business continuity and reputation.

About Hunters International

Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the notorious Hive ransomware group. The group's ransomware code contains approximately 60% overlap with samples of Hive ransomware, indicating a shared technical lineage. Hunters International's primary objective is to exfiltrate target data and subsequently extort victims with a ransom demand in exchange for the return of the stolen data.

Investigations have revealed potential ties to Nigeria through domain registrations and email addresses associated with the group. However, the group is known to use fake identities and tricky methods to conceal their true origins, making it difficult to definitively determine their location and leadership.

Penetration and Impact

While the exact method of penetration into Casco Antiguo's systems is not publicly disclosed, it is likely that the group exploited vulnerabilities in the company's cybersecurity infrastructure. Given the technical overlap with Hive ransomware, Hunters International may have used similar encryption methods and tactics to infiltrate the company's network.

The attack has resulted in significant data breaches, financial losses, and reputational damage to Casco Antiguo. This incident underscores the importance of effective cybersecurity measures to protect against evolving threats posed by ransomware groups like Hunters International.

Sources

• Casco Antiguo - Official Website
• Global Security Mag - Hunters International
• SOCRadar - Dark Web Profile: Hunters International
• Quorum Cyber - Hunters International Ransomware Report