Ransomware Attack on The Coffee Bean & Tea Leaf by INC Ransom Group

Incident Date: Jul 13, 2024

Attack Overview

VICTIM

The Coffee Bean & Tea Leaf

INDUSTRY

Retail

LOCATION

USA

ATTACKER

Inc Ransom

FIRST REPORTED

July 13, 2024

Request Removal

Ransomware Attack on The Coffee Bean & Tea Leaf by INC Ransom

Company Overview

The Coffee Bean & Tea Leaf, founded in 1963 by Herbert B. Hyman, is a leading coffee and tea chain headquartered in Los Angeles, California. The company operates over 1,000 stores in nearly 30 countries, including the United States, Singapore, Malaysia, and India. Known for its high-quality ingredients and innovative products like the "Original Ice Blended" drink, the company has a strong emphasis on sustainability and corporate responsibility. In 2019, it was acquired by Jollibee Foods Corporation for $650 million.

Attack Overview

Recently, The Coffee Bean & Tea Leaf fell victim to a ransomware attack orchestrated by the notorious INC Ransom group. The attackers managed to exfiltrate sensitive data, including contracts, financial records, confidential documents, non-disclosure agreements, and invoices. This breach has put significant confidential business information at risk, highlighting the severe security challenges faced by the company.

About INC Ransom

INC Ransom is a highly sophisticated cybercriminal group known for its targeted ransomware attacks on corporate and organizational networks. The group employs advanced techniques such as spear-phishing campaigns and exploiting vulnerabilities like CVE-2023-3519 in Citrix NetScaler. Their attacks involve double extortion, where they not only encrypt data but also steal it and threaten to release it publicly to increase pressure on victims to comply with ransom demands. Active since 2023, INC Ransom has targeted various industries, including healthcare, education, government entities, and technology companies.

Penetration and Vulnerabilities

While the exact method of penetration in this case remains unclear, INC Ransom typically uses a combination of spear-phishing and exploiting known vulnerabilities to gain initial access. Once inside, they use both Commercial Off-The-Shelf (COTS) software and legitimate system tools for reconnaissance and lateral movement within the network. The Coffee Bean & Tea Leaf's extensive digital footprint and the sensitive nature of its data made it an attractive target for such a sophisticated group.

Sources

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

Let's get started

First Name

Last Name

Phone Number

Buying Timeframe

halcyon.ai is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:

I agree to receive other communications from halcyon.ai and acknowledge Halcyon's privacy policy.

You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit below, you consent to allow halcyon.ai to store and process the personal information submitted above to provide you the content requested.

Back

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.