Ransomware Breach at AmChar Wholesale by Cactus Group

Incident Date: Sep 25, 2024

Attack Overview
Victim: AmChar Wholesale, Inc.
Industry: Manufacturing
Location: USA
Attacker: Cactus
First Reported: September 25, 2024

Ransomware Attack on AmChar Wholesale: A Detailed Analysis

AmChar Wholesale, Inc., a leading distributor in the firearms industry, has recently been targeted by the Cactus ransomware group. This attack has compromised sensitive data, posing significant risks to the company's operations and reputation.

About AmChar Wholesale

Founded in 1980 by Tony DiChario, AmChar Wholesale has established itself as a prominent distributor of firearms and related products, primarily serving law enforcement agencies and independent dealers across the United States. With a reputation for integrity and customer service, the company operates multiple distribution centers, including locations in Rochester, New York, Puerto Rico, Canada, Georgia, South Carolina, and North Carolina. AmChar's commitment to supporting local dealers and law enforcement has positioned it as a leading distributor of Glock law enforcement products.

Attack Overview

The Cactus ransomware group has claimed responsibility for the attack on AmChar Wholesale, exploiting vulnerabilities in the company's systems. The attack has resulted in the theft of a wide array of sensitive data, including personally identifiable information, financial documents, database backups, employee personal documents, corporate data and contracts, customer information, and corporate correspondence. The attackers have made this data available on the dark web, further exacerbating the potential damage to AmChar's financial stability and stakeholder trust.

About the Cactus Ransomware Group

Identified in March 2023, the Cactus ransomware group has quickly become a notable player in the ransomware landscape. Known for its sophisticated tactics, Cactus employs a double-extortion model, encrypting data and threatening to leak sensitive information if the ransom is not paid. The group primarily gains access to networks by exploiting known vulnerabilities in VPN devices and data analytics platforms. Cactus distinguishes itself through its ability to encrypt its own binary, evading detection by antivirus software, and its rapid adaptation to newly discovered vulnerabilities.

Potential Vulnerabilities

AmChar Wholesale's extensive operations and reliance on digital infrastructure may have made it vulnerable to such an attack. The company's broad geographical reach and significant data handling requirements could have provided multiple entry points for the ransomware group. The exploitation of VPN vulnerabilities, a common tactic of the Cactus group, may have facilitated the initial breach into AmChar's systems.
