Ransomware Attack on Egyptian Sudanese Company

Incident Date: May 24, 2024

Overview

Title: Ransomware Attack on Egyptian Sudanese Company

Victim: Egyptian Sudanese

Attacker: Arcus Media

Location: Cairo, Egypt

First Reported: May 24, 2024

Victim Overview

The Egyptian Sudanese Company, a strategic partnership between Egypt and Sudan, was targeted in a ransomware attack by the Arcus Media group. The company focuses on enhancing trade exchange and economic integration between the two countries. Established in 2021, it plays a significant role in meeting strategic needs for goods and in investing in joint development projects that support economic integration in the Nile Valley.

Company Profile

The Egyptian Sudanese Company stands out in the Media & Internet sector for its commitment to supporting economic integration between Egypt and Sudan. It provides strategic goods and services to both countries, contributing to trade exchange and joint development projects.

Attack Overview

The attack on the Egyptian Sudanese Company is part of a series of 11 attacks carried out by Arcus Media, a new ransomware group that emerged in May 2024. The group utilizes tactics such as phishing emails, deployment of custom ransomware binaries, and obfuscation techniques to evade detection.

Ransomware Group Details

Arcus Media distinguishes itself by operating under a Ransomware-as-a-Service (RaaS) model, allowing other threat actors to use its malware. The group also has a unique affiliate program in which new affiliates must be referred by trusted members. Arcus Media has targeted various sectors globally, including government, banking, finance, and healthcare.

Penetration and Vulnerabilities

The Egyptian Sudanese Company may have been targeted due to its involvement in economic activities between Egypt and Sudan. The company's online presence and exchange of strategic goods could have made it a lucrative target for threat actors like Arcus Media. Vulnerabilities in the company's network security may have been exploited through phishing emails and obfuscation techniques used by the ransomware group.
