Tursso Companies Hit by Dispossesor Ransomware: Data Compromised
Ransomware Attack on Tursso Companies, Inc. by Dispossesor
Tursso Companies, Inc., a prominent manufacturer specializing in pressure-sensitive labels, flexible packaging, and specialty printed materials, has recently fallen victim to a ransomware attack orchestrated by the threat actor known as Dispossesor. The breach was discovered on July 30, 2024, and has significant implications for the company and its stakeholders.
About Tursso Companies, Inc.
Established in 1970, Tursso Companies, Inc. operates from two manufacturing facilities located in St. Paul, Minnesota, and Fort Dodge, Iowa. The company serves a diverse clientele across the United States, particularly in highly regulated industries such as healthcare, pharmaceuticals, food, and personal care. Tursso is known for its high-quality labeling and packaging solutions, utilizing advanced printing technologies like flexographic, digital, and lithographic processes. The company is ISO 9001:2015 certified and adheres to current Good Manufacturing Practices (cGMP), ensuring stringent quality control and compliance.
Attack Overview
The ransomware attack by Dispossesor has led to the exfiltration of sensitive data from Tursso Companies, Inc. Although the exact size of the data leak remains unknown, videos showcasing confidential files have surfaced on Streamable. The compromised data includes sensitive information related to employees, projects, contracts, and partners. This breach necessitates a thorough examination of the compromised data to identify potential breaches of law and obligations.
About Dispossesor
Dispossesor is a newly identified threat actor in the ransomware landscape, primarily functioning as a data broker rather than a traditional ransomware group. First observed in December 2023, Dispossesor capitalizes on the work of other cybercriminals by publishing data leaks from other ransomware groups. The group has claimed responsibility for a variety of attacks, targeting sectors such as government, healthcare, media, and finance. Dispossesor engages in extortion by threatening to leak sensitive data unless a ransom is paid.
Potential Vulnerabilities
Tursso Companies, Inc.'s focus on highly regulated industries makes it a prime target for threat actors like Dispossesor. The company's extensive handling of sensitive data related to healthcare, pharmaceuticals, and other sectors increases the potential impact of a data breach. The attack on Tursso highlights the evolving nature of cyber threats and the importance of cybersecurity measures to protect against data breaches and extortion threats.
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!