Schuette Metals Ransomware Attack: Cactus Group

Incident Date: May 20, 2024

Attack Overview

VICTIM

schuette metals

INDUSTRY

Manufacturing

LOCATION

USA

ATTACKER

Cactus

FIRST REPORTED

May 20, 2024

Request Removal

Schuette Metals Ransomware Attack by Cactus Group

Company Overview

Schuette Metals, a leading metal fabrication company based in Rothschild, Wisconsin, specializing in custom metal fabrication, welding, and machining services. They cater to various industries such as architectural, agricultural, construction, defense, and industrial sectors. With a history dating back to 1957, Schuette Metals has established a reputation for providing high-quality products and services.

Company Size and Standout

With approximately 137 employees and a revenue of $28.9 million, Schuette Metals stands out in the metal fabrication industry for its unique services, particularly in the agricultural and defense sectors. The company's Quick Response Manufacturing (QRM) process has enabled them to reduce costs and lead times for their customers.

Ransomware Attack Overview

Schuette Metals fell victim to a ransomware attack by the Cactus group, a sophisticated threat actor known for its double-extortion tactics. The attackers managed to exfiltrate 280 GB of data from the company's systems, although the specific type of data has not been disclosed. This breach signifies a significant security incident for Schuette Metals.

Cactus Ransomware Group

The Cactus ransomware group is a relatively new but highly skilled threat actor that has been active since March 2023. Known for exploiting vulnerabilities in VPN appliances and Qlik Sense software, conducting phishing attacks, and partnering with malware distributors, Cactus employs advanced encryption techniques to evade detection.

Attack Details

Cactus gained unauthorized access to Schuette Metals' systems by exploiting VPN vulnerabilities and establishing an SSH backdoor for persistence. The group utilized AES-256-GCM and RSA-4096 encryption algorithms to encrypt files, threatening to leak the stolen data on their dark web portal if the ransom was not paid. This attack highlights the importance of robust cybersecurity measures to protect against evolving ransomware threats.

Sources:

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

Let's get started

First Name

Last Name

Phone Number

Buying Timeframe

halcyon.ai is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:

I agree to receive other communications from halcyon.ai and acknowledge Halcyon's privacy policy.

You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit below, you consent to allow halcyon.ai to store and process the personal information submitted above to provide you the content requested.

Back

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.