Ransomware Attack on Sullair Argentina S.A.

Incident Date: May 17, 2024

Overview

Title: Ransomware Attack on Sullair Argentina S.A.

Victim: Sullair Argentina S.A.

Attacker: RedRansomware

Location: El Talar, Argentina

First Reported: May 17, 2024

Victim Overview

Sullair Argentina S.A. is a company specializing in manufacturing, distributing, and renting equipment for various sectors, including industry, construction, services, and show business. They focus on providing air compressors, generator sets, work platforms, handlers, lighting towers, and earth-moving equipment. Founded in 1979, the company is headquartered in Buenos Aires, Argentina.

Company Standout

The company stands out for offering machinery solutions and energy generation services tailored to different industries. They provide power generation using diesel generators, natural gas, and dual turbines, catering to specific project needs.

Attack Details

Sullair Argentina was targeted by the cybercriminal group Red Ransomware, known for encrypting data and demanding payment for its release. The attack on Sullair Argentina's website involved the encryption of data, rendering it inaccessible to the company.

Ransomware Group Profile

Red Ransomware, also known as Red CryptoApp, is a new ransomware group that emerged in March 2024. The group primarily targets organizations in the United States across various industries, including manufacturing. They exploit vulnerabilities or use phishing emails with malicious attachments to infect systems, then encrypt files and append the .REDCryptoApp extension.

Penetration and Vulnerabilities

This ransomware group distinguishes itself by using AI-generated text in its communications, maintaining two TOR domains for hosting leaked victim data, and making substantial financial demands, such as a $5 million ransom demand observed in one instance. The group may have penetrated Sullair Argentina's systems by exploiting vulnerabilities in the company's network or through phishing emails containing malicious attachments.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.