ThreeAM Ransomware Hits Mid-State Industrial in Major Attack

Incident Date: Nov 13, 2024

Attack Overview
Victim: Midstate Industrial
Industry: Hospitals & Physicians Clinics
Location: USA
Attacker: Threeam
First Reported: November 13, 2024

ThreeAM Ransomware Attack on Mid-State Industrial: A Detailed Analysis

Mid-State Industrial Corp, a leading provider of industrial maintenance services, recently fell victim to a ransomware attack orchestrated by the ThreeAM group. This incident has raised significant concerns within the cybersecurity community, given the company's critical role in sectors such as phosphate mining, chemical processing, and power generation.

Company Profile and Industry Standing

Founded in 1973, Mid-State Industrial Corp operates from a 45-acre facility in Florida, employing over 1,000 staff members. The company is renowned for its comprehensive industrial maintenance solutions, which are crucial for minimizing downtime and ensuring operational continuity across various industries. Their expertise in providing turnkey maintenance solutions has established them as a leader in the industrial sector.

Vulnerabilities and Attack Overview

The ransomware attack, identified on October 12, 2023, resulted in the encryption of critical operational data, disrupting production lines and halting supply chain processes. Initial investigations suggest that the attack vector was a phishing email, exploiting vulnerabilities in outdated software. The attackers demanded a ransom of 15 Bitcoin, approximately $800,000, to decrypt the files. Mid-State Industrial's IT team, alongside external cybersecurity experts, is actively working to contain the breach and restore systems from backups.

ThreeAM Ransomware Group

ThreeAM, a relatively new player in the ransomware landscape, has quickly gained notoriety for its sophisticated attacks. Developed using Rust, the ransomware is known for its ability to disrupt applications, backup systems, and security software. The group is linked to other cybercrime entities, including the Conti and Royal ransomware gangs, and is distinguished by its innovative extortion tactics, such as leveraging social media to publicize data leaks.

Penetration and Impact

The attack on Mid-State Industrial underscores the vulnerabilities that even well-established companies face in the digital age. The use of phishing emails to infiltrate systems highlights the importance of effective cybersecurity measures and employee training. The incident has been reported to federal authorities, and an investigation is underway to trace the origins of the attack.
