Ransomware Hits SOFPO Exposing Manufacturing Sector Risks

Incident Date: Oct 09, 2024

Attack Overview
Victim: SOFPO (Exideuil)
Industry: Manufacturing
Location: France
Attacker: 8base
First reported: October 9, 2024

Ransomware Attack on SOFPO: A Deep Dive into the 8Base Breach

In a significant cybersecurity incident, SOFPO, a subsidiary of the Rossmann Group, has been targeted by the notorious 8Base ransomware group. This attack underscores the vulnerabilities faced by companies in the manufacturing sector, particularly those specializing in innovative and sustainable packaging solutions.

About SOFPO and Its Industry Standing

SOFPO, based in Exideuil, France, is a key player in the packaging industry, focusing on the production of corrugated cardboard. Established in 1979, the company has carved a niche for itself by emphasizing eco-design and sustainability. SOFPO's commitment to using renewable materials and energy-efficient production methods aligns with contemporary demands for environmentally friendly packaging solutions. As part of the Rossmann Group, SOFPO contributes significantly to the group's extensive portfolio, which spans packaging, consumer goods, and industrial services.

Details of the Ransomware Attack

The ransomware attack on SOFPO began on September 23, 2024, and the breach was publicly disclosed on September 30, 2024. The attackers uploaded sensitive documents, including invoices, accounting records, personal data, and confidential agreements, to their own servers. This breach poses significant risks to SOFPO's operations and to the privacy of its employees and clients.

Understanding the 8Base Ransomware Group

The 8Base ransomware group has gained notoriety for its aggressive tactics and sophisticated double-extortion operations. Emerging in April 2022, the group employs AES-256 encryption and uses a variant of the Phobos ransomware. Its attacks typically begin with phishing emails or with compromised credentials sold on the dark web. The group both encrypts data and exfiltrates sensitive information, threatening to leak it if the ransom is not paid. This approach aims to inflict both financial and reputational damage on victims.

Potential Vulnerabilities and Attack Penetration

SOFPO's focus on innovation and sustainability, while commendable, may have inadvertently exposed vulnerabilities that threat actors like 8Base could exploit. The manufacturing sector's reliance on interconnected systems and digital processes can create entry points for cybercriminals. In this case, the 8Base group likely penetrated SOFPO's systems through phishing emails or compromised credentials, underscoring the need for effective cybersecurity measures.
