Ransomware Attack Hits Leading Tunisian Plastics Firm ExcelPlast

Incident Date: Sep 16, 2024

Attack Overview
Victim: ExcelPlast Tunisie
Industry: Manufacturing
Location: Tunisia
Attacker: Orca
First Reported: September 16, 2024

Ransomware Attack on ExcelPlast Tunisie by ORCA Group

ExcelPlast Tunisie, a leading company in the plastic transformation industry in Tunisia, has recently fallen victim to a ransomware attack orchestrated by the notorious ORCA group. The attackers claim to have exfiltrated 20 GB of sensitive data, potentially compromising critical information about the company's operations and clients.

About ExcelPlast Tunisie

ExcelPlast Tunisie SA is a prominent company based in Hammam Zriba, Tunisia, specializing in the processing of plastics. The company is recognized as a pioneer in the manufacture of polypropylene and polyester strapping within the Maghreb region. Leveraging advanced European technology, ExcelPlast Tunisie focuses on performance, quality, and safety, making its products superior to traditional metallic strapping. The company employs between 100 and 249 individuals and generates approximately $14.7 million in revenue annually.

ExcelPlast Tunisie stands out in its industry due to its commitment to high-quality standards, customer satisfaction, and sustainable practices. The company adheres to strict environmental regulations and actively participates in community initiatives focused on health, education, and environmental preservation. Its products are not only popular within Tunisia but are also regularly exported to North African countries, Europe, the Middle East, and Sub-Saharan Africa.

Attack Overview

The ORCA ransomware group has claimed responsibility for the attack on ExcelPlast Tunisie via its dark web leak site. The attackers have reportedly exfiltrated 20 GB of data, which could include sensitive information about the company's operations, clients, and employees. The group is known for its double-extortion tactics, in which it not only encrypts files but also threatens to publish stolen data if the ransom is not paid.

About ORCA Ransomware Group

The ORCA ransomware is a sophisticated malware variant that belongs to the ZEPPELIN family. It employs strong encryption techniques to lock files on infected systems, making recovery without the decryption key virtually impossible. The group is notorious for its double-extortion tactics, demanding ransom payments in Bitcoin and threatening to publish exfiltrated data if the ransom is not paid. The ransomware changes the extension of encrypted files to '.ORCA' followed by a unique ID for each victim and leaves a ransom note named `HOW_TO_RECOVER_DATA.hta` on the victim's desktop.
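
The two file-system indicators named above (the '.ORCA' plus victim ID extension and the `HOW_TO_RECOVER_DATA.hta` note) can be hunted for in file-creation or rename telemetry. The following is an added example, not code from the original article or from Halcyon; the event tuple format, the host names, the sample paths, the alert threshold and the ID layout after '.ORCA' are all assumptions.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Indicators taken from the write-up above.
NOTE_NAME = "how_to_recover_data.hta"
# Assumption: the victim ID follows ".ORCA" after a ".", "-" or "_" separator;
# the article does not specify the exact ID layout.
ORCA_EXT = re.compile(r"\.ORCA(?:[._-](?P<vid>[0-9A-Za-z-]+))?$", re.IGNORECASE)


def scan_events(events, min_renamed=3):
    """Group file-creation/rename events by host and flag ORCA indicators.

    events: iterable of (host, windows_path) tuples (hypothetical format).
    Returns {host: {"renamed", "victim_ids", "notes", "alert"}} for hosts
    with at least one indicator; clean hosts are omitted.
    """
    hosts = defaultdict(lambda: {"renamed": 0, "victim_ids": set(), "notes": []})
    for host, path in events:
        name = PureWindowsPath(path).name
        if name.lower() == NOTE_NAME:
            hosts[host]["notes"].append(path)
            continue
        m = ORCA_EXT.search(name)
        if m:
            hosts[host]["renamed"] += 1
            if m.group("vid"):
                hosts[host]["victim_ids"].add(m.group("vid"))
    for finding in hosts.values():
        # A ransom note alone raises an alert; renames alone need a small
        # burst so one oddly named file does not page anyone.
        finding["alert"] = bool(finding["notes"]) or finding["renamed"] >= min_renamed
    return dict(hosts)


SAMPLE_EVENTS = [  # constructed sample telemetry, not from a real incident
    ("WS-01", r"C:\Users\amel\Documents\budget.xlsx.ORCA.1A2-B3C-4D5"),
    ("WS-01", r"C:\Users\amel\Documents\plan.docx.ORCA.1A2-B3C-4D5"),
    ("WS-01", r"C:\Users\amel\Desktop\HOW_TO_RECOVER_DATA.hta"),
    ("WS-02", r"C:\Research\whales\pod.orca.draft"),  # benign lookalike name
    ("WS-03", r"C:\Users\sami\Documents\orcas.txt"),  # no indicator at all
]

if __name__ == "__main__":
    for host, finding in scan_events(SAMPLE_EVENTS).items():
        print(host, finding)
```

More than one victim ID on a single host, or the same ID across many hosts, is worth surfacing separately when scoping an incident.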

Potential Vulnerabilities

ExcelPlast Tunisie's commitment to innovation and performance, while a strength, may also expose it to vulnerabilities. The company's extensive use of advanced technology and its significant digital footprint could make it an attractive target for ransomware groups like ORCA. Additionally, the company's international operations and large workforce may present multiple entry points for cyber attackers.
