Ransomware Attack on Leading Pakistani Logistics Firm AG&C

Incident Date: Aug 01, 2024

Attack Overview
Victim: Ali Gohar & Company Limited
Industry: Transportation
Location: Pakistan
Attacker: Medusa
First Reported: August 1, 2024

Ransomware Attack on Ali Gohar & Company Limited by Medusa Group

Ali Gohar & Company Limited (AG&C), a leading distribution and logistics firm based in Karachi, Pakistan, has fallen victim to a ransomware attack orchestrated by the Medusa ransomware group. The attackers claim to have exfiltrated 51.9 GB of sensitive data and have threatened to release it publicly within 11 to 12 days unless their demands are met.

Company Profile

Established in 1950, AG&C has over 60 years of experience in the supply chain sector. The company specializes in providing comprehensive distribution services, particularly in the pharmaceutical and healthcare industries. AG&C operates a vast network covering approximately 720 cities and towns across Pakistan, connecting manufacturers and consumers through state-of-the-art technology and equipment. The company employs between 1001 and 5000 individuals and is known for its innovative approach, including the use of advanced cold chain technology to manage temperature-sensitive products.

Attack Overview

The Medusa ransomware group has posted sample screenshots of the stolen data on their dark web portal to substantiate their claims. This breach poses a significant risk to AG&C's operations and reputation, highlighting the growing threat of ransomware attacks on critical supply chain entities. The temporary unavailability of AG&C's website further complicates the situation, limiting access to detailed information about the company's current status and response to the attack.

Medusa Ransomware Group

Medusa is a ransomware group that emerged in late 2022 and has gained notoriety for its aggressive tactics and high-profile attacks. Operating as a Ransomware-as-a-Service (RaaS) platform, Medusa allows affiliates to use its ransomware to launch attacks. The group has targeted various sectors globally, including education, healthcare, and government services. Medusa's ransomware is designed to kill numerous applications and services to prevent detection and mitigation, and it disables shadow copies to thwart recovery efforts.

Potential Vulnerabilities

AG&C's extensive network and reliance on state-of-the-art technology make it a lucrative target for ransomware groups like Medusa. The company's use of sophisticated Management Information Systems (MIS) and Quality Assurance protocols, while enhancing operational efficiency, also presents potential entry points for cyber attackers. The breach underscores the importance of cybersecurity measures to protect critical supply chain operations from increasingly sophisticated ransomware threats.
