Ransomware Attack on Shamrock Trading Corporation
Victim Overview
Shamrock Trading Corporation, a transportation logistics company, was recently targeted by the ransomware group Embargo. The company, with 860 employees and an annual revenue of $396.9 million, offers services such as freight brokerage, carrier services, and supply chain solutions. Shamrock Trading Corporation has been recognized as one of the "Best Places to Work" and as one of Newsweek's top 100 "Most Loved Workplaces" in America.
Attack Overview
Embargo is a ransomware group known for its sophisticated tactics and the use of the Rust programming language in developing its ransomware. The group employs double extortion tactics, threatening to publicly release or sell stolen data if ransom demands are not met. Embargo ransomware utilizes ChaCha20 and Curve25519 for file encryption and appends a ".564ba1" extension to encrypted files.
Ransomware Group Details
Embargo stands out for its choice of programming language, its double extortion tactics, and its similarities to other ransomware groups such as ALPHV. The group's use of Rust makes the ransomware difficult to analyze or reverse-engineer, which adds to the challenge of defending against it.
Company Vulnerabilities
Shamrock Trading Corporation's prominence in the transportation sector and its financial services offerings make it an attractive target for threat actors like Embargo. The company's large size, extensive operations, and valuable data make it vulnerable to ransomware attacks that can disrupt its business operations and compromise sensitive information.