Ransomware Hits 1 Source Design: Donutleaks Exposes Data Breach

Incident Date: Jul 24, 2024

Attack Overview
Victim: 1 Source Design
Industry: Manufacturing
Location: Canada
Attacker: Donutleaks
First Reported: July 24, 2024

Ransomware Attack on 1 Source Design by Donutleaks

Overview of 1 Source Design

1 Source Design Ltd, based in Wallaceburg, Ontario, is a prominent player in the tooling and mold-making industry. With nearly 35 years of experience, the company has grown from a modest eight-person shop into a global supplier of tooling solutions, particularly for the automotive sector. They specialize in plastic injection tooling and die casting, operating a state-of-the-art facility with advanced machinery and a workforce of over 45 skilled employees.

Details of the Ransomware Attack

The ransomware group Donutleaks has claimed responsibility for a cyberattack on 1 Source Design. The attackers, referring to their operation as "Jack-Designer-Sparrow," left a detailed note on the company's website, criticizing 1 Source Design for its reluctance to share information. They revealed the discovery of pirated software, serial numbers, and other illicit materials within the company's data. The attackers also highlighted the presence of secret files and clients from "prohibited" countries such as Russia and China, boasting about accessing 50GB of industrial design information.

About Donutleaks Ransomware Group

Donutleaks is a data extortion group known for its double-extortion tactics, in which it both encrypts files and leaks stolen data. The group uses customized ransomware that scans for specific file extensions to encrypt, renaming encrypted files with the ".d0nut" extension. It maintains a data storage site where stolen data can be browsed and downloaded by visitors. Donutleaks is known for its theatrical approach, using interesting graphics, humor, and ASCII art in its ransom notes and data leak site.
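The ".d0nut" rename behavior described above can be turned into a simple detection. The following is an added example, not code from the original page or from any vendor: it flags a host when several files are renamed to a ".d0nut" name within a short window. The event format, hostnames, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

EXT = ".d0nut"                    # extension named in the write-up above
WINDOW = timedelta(seconds=60)    # assumed tuning value
THRESHOLD = 3                     # assumed; low so the small sample triggers

# Constructed file-rename events: "timestamp|host|old_path|new_path"
SAMPLE_EVENTS = [
    "2024-01-01T02:14:01|cad-ws-07|D:/molds/housing.step|D:/molds/housing.step.d0nut",
    "2024-01-01T02:14:03|cad-ws-07|D:/molds/insert.dwg|D:/molds/insert.dwg.d0nut",
    "2024-01-01T02:14:04|fileserver-01|E:/share/report.docx|E:/share/report-final.docx",
    "2024-01-01T02:14:06|cad-ws-07|D:/molds/bom.xlsx|D:/molds/bom.xlsx.D0NUT",
    "2024-01-01T02:20:00|fileserver-01|E:/share/q.pdf|E:/share/q.pdf.d0nut",
    "corrupted line",
    "2024-01-01T02:25:30|fileserver-01|E:/share/r.pdf|E:/share/r.pdf.d0nut",
]

def parse_event(line):
    """Return (timestamp, host, old_path, new_path), or None if malformed."""
    parts = [p.strip() for p in line.split("|")]
    if len(parts) != 4:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3]
    except ValueError:
        return None

def is_d0nut_rename(old, new):
    # Case-insensitive; ignore files that already carried the extension.
    return new.lower().endswith(EXT) and not old.lower().endswith(EXT)

def detect_bursts(lines, window=WINDOW, threshold=THRESHOLD):
    """Map host -> (time of first alert, renames in window). Input must be time-ordered."""
    recent, alerts = defaultdict(deque), {}
    for ev in filter(None, map(parse_event, lines)):
        ts, host, old, new = ev
        if not is_d0nut_rename(old, new):
            continue
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:      # drop renames older than the window
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = (ts, len(q))
    return alerts

if __name__ == "__main__":
    for host, (ts, n) in detect_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: {n} renames to {EXT} within {WINDOW} at {ts}")
```

A single ".d0nut" rename is weak evidence on its own; counting per host inside a window keeps isolated renames, like the two spaced-out events on the second host in the sample, from raising an alert.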

Potential Vulnerabilities

1 Source Design's extensive use of advanced machinery and software in their operations may have made them a target for ransomware groups like Donutleaks. The presence of pirated software and serial numbers within their data suggests potential vulnerabilities in their cybersecurity practices. Additionally, their global network of partners and clients, including those from countries like China and Russia, may have exposed them to increased risks of cyberattacks.

Penetration of the Company's Systems

While the exact method of penetration is not disclosed, it is likely that Donutleaks exploited vulnerabilities in 1 Source Design's network security. The use of pirated software could have provided an entry point for the attackers. Additionally, the group's expertise in double-extortion tactics and customized ransomware indicates a sophisticated approach to breaching and compromising the company's systems.
