Sterling Rope Co. Hit by Rhysida Ransomware: Data Release Threatened
Ransomware Attack on Sterling Rope Co. by Rhysida Group
Sterling Rope Company, a leading manufacturer of high-performance ropes and life-safety products based in Biddeford, Maine, has fallen victim to a ransomware attack by the Rhysida Ransomware Group. The attack was publicly claimed by Rhysida on their dark web leak site, where they have threatened to release the company's data within 6-7 days, posting sample screenshots as proof.
About Sterling Rope Company
Founded in 1992, Sterling Rope Company specializes in the design and manufacturing of high-quality ropes and related products for various industries, including climbing, rescue, arboriculture, and tactical applications. The company is renowned for its commitment to safety and performance, producing ropes that meet stringent industry standards. Sterling Rope's innovative technologies, such as their proprietary XEROS technology, enhance the durability and environmental friendliness of their products. The company also emphasizes sustainability, operating its manufacturing plant on 100% renewable energy and maintaining a rigorous recycling program.
Attack Overview
The Rhysida Ransomware Group has claimed responsibility for the attack on Sterling Rope, threatening to release sensitive company data unless a ransom is paid. The attackers have already posted sample screenshots of the exfiltrated data on their dark web portal. This incident highlights the vulnerabilities that even well-established companies in the manufacturing sector face from sophisticated cyber threats.
About Rhysida Ransomware Group
First sighted in May 2023, the Rhysida Ransomware Group has quickly made a name for itself by targeting sectors such as education, healthcare, manufacturing, information technology, and government. The group employs a double extortion technique, stealing data before encrypting it and threatening to publish it unless a ransom is paid. Rhysida ransomware is written in C++ and targets Windows operating systems, using the ChaCha20 encryption algorithm. The group typically deploys the ransomware through phishing campaigns and leverages valid credentials to establish network connections via VPN.
Penetration and Impact
Rhysida's attack on Sterling Rope likely involved leveraging valid credentials to gain initial access, followed by the use of tools like Advanced IP/Port Scanner to enumerate the victim's environment. The group then employed Sysinternals tools like PsExec for lateral movement and ransomware deployment. The attack underscores the importance of strong cybersecurity measures, as even companies with established reputations for innovation and quality can be vulnerable to sophisticated cyber threats.