Ransomware Attack on Sherbrooke Metals by BrainCipher Exposes 25GB of Data

Incident Date: Jul 21, 2024

Attack Overview
Victim: Sherbrooke Metals
Industry: Manufacturing
Location: USA
Attacker: BrainCipher
First Reported: July 21, 2024


Company Overview

Sherbrooke Metals, based in Willoughby, Ohio, is a specialized manufacturer known for its production of advanced metal products, particularly Elkonite® copper-tungsten materials. These materials are prized for their high electrical conductivity and mechanical strength, making them essential in industries requiring durability and performance under high-stress conditions. The company operates with a small team of 2-10 employees, allowing for a focused and specialized approach to its products and services.

Attack Overview

On July 22, 2024, Sherbrooke Metals fell victim to a ransomware attack orchestrated by the cybercriminal group BrainCipher. The attackers reportedly exfiltrated 25GB of confidential data from the company. To substantiate their claims, BrainCipher leaked a sample of the stolen data on their dark web leak site. This breach has put Sherbrooke Metals in a precarious position as they navigate the aftermath of this significant security incident.

Vulnerabilities and Impact

Sherbrooke Metals' small team and specialized focus may have contributed to vulnerabilities in their cybersecurity measures. The manufacturing sector, particularly companies dealing with advanced materials like Elkonite®, is often targeted by ransomware groups due to the critical nature of their operations and the high value of their intellectual property. The breach highlights the importance of robust cybersecurity measures, even for smaller enterprises.

About BrainCipher

BrainCipher is a relatively new ransomware group that emerged in June 2024. The group gained notoriety after a high-profile attack on Indonesia’s National Data Center. BrainCipher primarily uses phishing and spear phishing to deliver their ransomware payloads, which are based on LockBit. The group is known for encrypting files and appending a distinctive file extension, as well as encrypting file names. They operate a TOR-based data leak site where they publish information about companies that fail to protect personal data.

Penetration Methods

BrainCipher likely penetrated Sherbrooke Metals' systems through phishing or spear phishing attacks, possibly facilitated by initial access brokers. Once inside, they deployed their ransomware payload, encrypting files and exfiltrating data. The group's sophisticated techniques, including hiding threads from debuggers and executing in a suspended mode, make detection and mitigation challenging.
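
The file-level behaviour described above (a distinctive appended extension together with encrypted file names) can be hunted for in file-rename telemetry. The following Python detector is an added example, not code from this page or from Halcyon; the event tuple shape, the thresholds and every path and extension in the sample data are constructed assumptions.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample telemetry: (epoch_seconds, old_path, new_path).
# The ".Xy7Kq2pLm" extension is a made-up placeholder, not a real indicator.
SAMPLE_EVENTS = [
    (1000, r"C:\Share\quote_2024.xlsx", r"C:\Share\hG4kQz81.Xy7Kq2pLm"),
    (1002, r"C:\Share\drawing_a.dwg", r"C:\Share\Pq93LmZx.Xy7Kq2pLm"),
    (1003, r"C:\Share\invoice_17.pdf", r"C:\Share\w0TnB5cE.Xy7Kq2pLm"),
    (1005, r"C:\Share\alloy_specs.docx", r"C:\Share\Zk2JdV7r.Xy7Kq2pLm"),
    (1006, r"C:\Share\customers.csv", r"C:\Share\M8fYhU3s.Xy7Kq2pLm"),
    (1008, r"C:\Share\payroll.xlsx", r"C:\Share\c6RgNx4A.Xy7Kq2pLm"),
    (5000, r"C:\Users\a\notes.txt", r"C:\Users\a\notes.bak"),    # benign backup
    (9000, r"C:\Users\a\draft.tmp", r"C:\Users\a\draft.docx"),   # benign save
]

def flag_rename_bursts(events, window_s=60, min_files=5):
    """Flag new extensions that many files converge on within window_s seconds."""
    by_ext = defaultdict(list)
    for ts, old, new in events:
        old_p, new_p = PureWindowsPath(old), PureWindowsPath(new)
        ext = new_p.suffix.lower()
        if not ext or ext == old_p.suffix.lower():
            continue  # extension unchanged: not the pattern of interest
        # True when the original base name no longer appears in the new name,
        # i.e. the file name itself was replaced, not just extended.
        replaced = old_p.stem.lower() not in new_p.name.lower()
        by_ext[ext].append((ts, replaced))

    findings = {}
    for ext, hits in by_ext.items():
        hits.sort()
        start = best = 0
        for end in range(len(hits)):          # sliding window over timestamps
            while hits[end][0] - hits[start][0] > window_s:
                start += 1
            best = max(best, end - start + 1)
        if best >= min_files:
            findings[ext] = {"peak_in_window": best, "total": len(hits),
                             "names_replaced": sum(1 for _, r in hits if r)}
    return findings

if __name__ == "__main__":
    print(flag_rename_bursts(SAMPLE_EVENTS))
```

A high `names_replaced` count alongside the burst separates this pattern from bulk conversions or backups, which keep the original base name.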
