Ransomware Attack on Rio Technologies LTD by Arcus Media
Victim Overview
Rio Technologies LTD, a data technology company based in New York City, USA, was targeted in a ransomware attack by the relatively new threat actor, Arcus Media. The company specializes in simplifying decision-making through innovative data-driven solutions and has a revenue of $1 million. With 11-50 employees, Rio Technologies LTD stands out in the industry for its focus on leveraging technology, information, and the internet to provide cutting-edge solutions.
Attack Details
Arcus Media, known for both direct and double extortion, targeted Rio Technologies LTD as one of its 11 attacks since the group's discovery in May 2024. The group uses phishing emails with malicious attachments to gain initial access, deploys custom ransomware binaries, and employs obfuscation techniques to evade detection. It also establishes persistence on infected systems and uses credential dumping tools for privilege escalation.
Ransomware Group Overview
Arcus Media operates under a Ransomware-as-a-Service (RaaS) model, allowing other threat actors to use its malware while the group takes a cut of the profits. The group has targeted various sectors globally, including government, banking, finance, healthcare, and education. Arcus Media distinguishes itself with a unique affiliate program in which new affiliates must be referred by a trusted affiliate and vetted before they can participate.
Attack Vector
Arcus Media could have penetrated Rio Technologies LTD's systems through phishing emails with malicious attachments, exploiting vulnerabilities in the company's network security. By deploying custom ransomware binaries and obfuscation techniques, the group was able to encrypt the company's data and demand a ransom for decryption.