Significant Ransomware Attack on Verco Office Furniture Ltd by Cactus Group
Overview of Verco Office Furniture Ltd
Verco Office Furniture Ltd, established in 1912, is a prominent British manufacturer and designer of high-quality office furniture. The company, headquartered in High Wycombe, Buckinghamshire, specializes in creating functional and stylish workspaces with a focus on employee well-being and productivity. Verco's product range includes chairs, desks, tables, and soft furnishings, catering to various office needs. The company operates globally, with a presence in the United States, Australia, and France, and delivers its products throughout the UK using its own fleet of vehicles.
Details of the Ransomware Attack
Verco Office Furniture Ltd has recently fallen victim to a ransomware attack orchestrated by the Cactus ransomware group. The attackers have exfiltrated a substantial 592GB of data, including corporate confidential data, contracts, engineering data, drawings, projects, and personal files of employees and executives. Financial documents, statements, and corporate correspondence have also been compromised. This breach poses significant risks to Verco's operations and reputation, given the sensitive nature of the data involved.
About the Cactus Ransomware Group
The Cactus ransomware group, first discovered in March 2023, operates as a ransomware-as-a-service (RaaS). The group is known for exploiting vulnerabilities and leveraging malvertising lures for targeted attacks. Cactus ransomware affiliates use custom scripts to disable security tools and distribute the ransomware, targeting organizations across various industries. The group employs unique encryption techniques to avoid detection, using a batch script to obtain the encryptor binary via 7-Zip and deploying it with an execution flag.
Penetration and Impact
Cactus ransomware's tactics align with the MITRE ATT&CK Framework, demonstrating a sophisticated understanding of cyber threats. The group has been observed exploiting the ZeroLogon vulnerability (CVE-2020-1472), which allows remote unauthenticated attackers to access domain controllers and obtain domain administrator access. The attackers create multiple accounts and add them to the administrators group, which lets them evade detection, escalate privileges, and remain persistent in the environment. The breach of Verco Office Furniture Ltd underscores the significant threat posed by Cactus ransomware in the cybersecurity landscape.
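The account-creation behaviour described above can be hunted for in Windows Security logs. The following is an added detection example, not part of the original article: it correlates account creation (event 4720) with additions to an administrative group (4728/4732/4756) shortly afterwards. The records are constructed and simplified, and the 30-minute window and two-account threshold are assumptions to tune.

```python
from datetime import datetime, timedelta

# Windows Security event IDs: 4720 = user account created;
# 4728 / 4732 / 4756 = member added to a global / local / universal security group.
CREATE, GROUP_ADD = 4720, {4728, 4732, 4756}
WINDOW = timedelta(minutes=30)  # assumption: max gap between creation and promotion
BURST = 2                       # assumption: promoted accounts per actor that count as "multiple"

def is_admin_group(sid):
    # Built-in Administrators is S-1-5-32-544; Domain Admins has RID 512, Enterprise Admins 519.
    return sid == "S-1-5-32-544" or sid.endswith(("-512", "-519"))

def find_new_admins(events):
    """Return (findings, bursts): accounts created and then made admin within WINDOW."""
    created, findings = {}, []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["id"] == CREATE:
            created[ev["TargetSid"]] = ev          # TargetSid = SID of the new account
        elif ev["id"] in GROUP_ADD and is_admin_group(ev["TargetSid"]):
            born = created.get(ev["MemberSid"])    # here TargetSid = group, MemberSid = account
            if born and ev["time"] - born["time"] <= WINDOW:
                findings.append({"account": born["TargetUserName"], "group": ev["TargetUserName"],
                                 "actor": ev["SubjectUserName"], "delay": ev["time"] - born["time"]})
    per_actor = {}
    for f in findings:
        per_actor.setdefault(f["actor"], set()).add(f["account"])
    bursts = {a: sorted(n) for a, n in per_actor.items() if len(n) >= BURST}
    return findings, bursts

def _ev(ts, eid, **fields):
    return {"time": datetime.fromisoformat(ts), "id": eid, **fields}

D = "S-1-5-21-1000-2000-3000"  # constructed domain SID
# Constructed, simplified records using Windows Security event field names.
SAMPLE = [
    _ev("2024-01-08T10:00:00", 4720, TargetUserName="t.jones", TargetSid=D + "-1590", SubjectUserName="helpdesk1"),
    _ev("2024-01-10T02:14:05", 4720, TargetUserName="svc_backup2", TargetSid=D + "-1601", SubjectUserName="adm_ops"),
    _ev("2024-01-10T02:14:40", 4732, TargetUserName="Administrators", TargetSid="S-1-5-32-544", MemberSid=D + "-1601", SubjectUserName="adm_ops"),
    _ev("2024-01-10T02:15:10", 4720, TargetUserName="svc_print9", TargetSid=D + "-1602", SubjectUserName="adm_ops"),
    _ev("2024-01-10T02:16:02", 4728, TargetUserName="Domain Admins", TargetSid=D + "-512", MemberSid=D + "-1602", SubjectUserName="adm_ops"),
    _ev("2024-01-10T09:30:00", 4720, TargetUserName="j.smith", TargetSid=D + "-1603", SubjectUserName="helpdesk1"),
    _ev("2024-01-10T09:31:00", 4728, TargetUserName="Sales", TargetSid=D + "-1200", MemberSid=D + "-1603", SubjectUserName="helpdesk1"),
    _ev("2024-01-10T11:00:00", 4732, TargetUserName="Administrators", TargetSid="S-1-5-32-544", MemberSid=D + "-1590", SubjectUserName="it_lead"),
]

if __name__ == "__main__":
    findings, bursts = find_new_admins(SAMPLE)
    print(findings)
    print(bursts)
```

The window check means an older account that is later added to an admin group (t.jones in the sample) is not reported here; that case needs its own rule.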