Ransomware Attack on Grupo Scanda by Cactus Ransomware Group
Victim Overview
Grupo Scanda is a Mexican company with over 25 years of experience in providing IT services and consulting. They have a significant presence in the IT market, with 1,600 employees and annual revenue of $180 million. Grupo Scanda offers cutting-edge solutions and technologies to take businesses to the next level.
Attack Overview
The company fell victim to a severe cyberattack by the Cactus ransomware group, resulting in the compromise of their website. The attack exposed 387 gigabytes of data, potentially including sensitive information. This incident highlights the importance of robust cybersecurity measures to protect against such threats and safeguard data.
Ransomware Group Profile
The Cactus ransomware group, which operates as a ransomware-as-a-service (RaaS) operation, is known for exploiting vulnerabilities and leveraging malvertising lures for targeted attacks. They employ unique encryption techniques to avoid detection and have been observed targeting organizations of all sizes across various industries.
How the Attack Happened
Cactus ransomware affiliates use custom scripts to disable security tools and distribute the ransomware. They exploit vulnerabilities like ZeroLogon (CVE-2020-1472) to gain access to domain controllers and escalate privileges. The group's tactics align with the MITRE ATT&CK Framework, demonstrating a sophisticated understanding of cyber threats.
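For defenders, the ZeroLogon (CVE-2020-1472) activity mentioned above leaves traces in domain controller logs. The following is an added example, not taken from the original page or from any vendor tooling: it scans exported Windows events for the Netlogon event IDs Microsoft documented for CVE-2020-1472 (5827 to 5831) and for Security event 4742 where ANONYMOUS LOGON resets a computer account password. The JSON export shape, the `machine` key, the host names and the severity labels are assumptions made for illustration.

```python
import json

# Netlogon System-log event IDs from Microsoft's CVE-2020-1472 guidance.
NETLOGON_DENIED = {5827, 5828}          # vulnerable connection refused
NETLOGON_ALLOWED = {5829, 5830, 5831}   # vulnerable connection still permitted

# Constructed sample records (hypothetical hosts), one JSON object per line,
# in an assumed export shape; "machine" is a hypothetical key.
SAMPLE_EVENTS = """\
{"log": "System", "id": 5829, "computer": "dc01.example.test", "machine": "WS-114$"}
{"log": "Security", "id": 4742, "computer": "dc01.example.test", "SubjectUserName": "ANONYMOUS LOGON", "TargetUserName": "DC01$", "PasswordLastSet": "2/1/2024 3:14:07 AM"}
{"log": "Security", "id": 4742, "computer": "dc01.example.test", "SubjectUserName": "helpdesk-admin", "TargetUserName": "WS-200$", "PasswordLastSet": "-"}
{"log": "System", "id": 5827, "computer": "dc02.example.test", "machine": "OLD-NAS$"}
{"log": "Security", "id": 4624, "computer": "dc01.example.test", "SubjectUserName": "-", "TargetUserName": "alice"}
"""

def classify(event):
    """Return (severity, reason) for a Zerologon-relevant event, else None."""
    eid, log = event.get("id"), event.get("log")
    if log == "System" and eid in NETLOGON_ALLOWED:
        return ("high", f"vulnerable Netlogon channel allowed for {event.get('machine')}")
    if log == "System" and eid in NETLOGON_DENIED:
        return ("medium", f"vulnerable Netlogon channel denied for {event.get('machine')}")
    if log == "Security" and eid == 4742:
        # 4742 = "A computer account was changed"; unchanged fields are "-".
        anonymous = event.get("SubjectUserName", "").upper() == "ANONYMOUS LOGON"
        pw_changed = event.get("PasswordLastSet", "-") != "-"
        if anonymous and pw_changed:
            return ("critical", f"anonymous password reset of {event.get('TargetUserName')}")
    return None

def scan(lines):
    """Parse JSON-lines events and return (computer, id, severity, reason) tuples."""
    findings = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        verdict = classify(event)
        if verdict:
            findings.append((event["computer"], event["id"], *verdict))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

The routine 4742 change made by a named administrator and the unrelated 4624 logon are deliberately left unflagged, so only the three Netlogon-related records are reported.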