Alphv attacks Detroit Stoker Company

Incident Date: Jan 09, 2022

Attack Overview
Victim: Detroit Stoker Company
Industry: Manufacturing
Location: USA
Attacker: Alphv
First reported: January 9, 2022

Detroit Stoker Company Targeted by Alphv Ransomware Group

The Detroit Stoker Company, a prominent designer, manufacturer, and supplier of solid fuel stoker/grate systems and related combustion equipment, has recently fallen victim to the ransomware group Alphv. With over 125 years of operation, the company has established itself in the manufacturing sector, specializing in the generation of heat and power from a variety of renewable opportunity fuels including biomass, refuse-derived fuels, and others.

Detroit Stoker Company's official website provides extensive information on their products and services, detailing the diverse types of fuels their combustion equipment can process, such as bagasse, bark, biodiesel, grain refuse, MSW (Municipal Solid Waste), RDF (Refuse-Derived Fuel), palm oil residue, poultry litter, sawdust, and sunflower hulls.

While specific vulnerabilities that led to the company being targeted by threat actors remain undisclosed, it is widely recognized that ransomware attacks frequently exploit weaknesses such as outdated software, unpatched systems, and insufficient password policies. The exact vulnerabilities at Detroit Stoker Company, whether these or others, have not been made clear, nor has it been specified if the attack was part of a broader, targeted campaign.

The Alphv ransomware group, also identified as DEV-0537, has been notably active since at least 2022, orchestrating several high-profile attacks on entities such as the US Marshals service, Point32Health, MOVEit, City of Dallas, GoAnywhere, MCNA Dental, and Yum Brands. This group is distinguished by its aggressive approach, notably its use of double-extortion tactics, wherein data is exfiltrated prior to encryption and subsequently held for ransom.

As of this writing, Detroit Stoker Company has not released any public statements concerning the attack or the extent of any data breach. According to their privacy policy, the company does collect and utilize personal information, including device data, to enhance site functionality and marketing strategies. The potential compromise of this information in the attack remains uncertain.

This incident underscores the persistent threat posed by ransomware attacks and highlights the critical need for robust cybersecurity defenses to mitigate such risks.
