Arcus Media Ransomware Attack on Thibabem Atacadista
Overview of Thibabem Atacadista
Thibabem Atacadista e Distribuidor, a Brazilian company, specializes in wholesale children's clothing and accessories. Their wide range includes clothing, shoes, and accessories for babies, toddlers, and children. The company, which employs approximately 32 people, stands out for its extensive collection and wholesale operations.
Details of the Ransomware Attack
In late May 2024, Thibabem Atacadista fell victim to a ransomware attack by Arcus Media. This incident is part of a series of attacks by the group, active since May 2024, targeting various sectors worldwide.
Arcus Media uses phishing emails with malicious attachments to gain initial access. They deploy custom ransomware binaries and obfuscated scripts to execute the payload, create scheduled tasks for persistence, and use tools like Mimikatz for privilege escalation. Their methods include both direct and double extortion.
About Arcus Media
Arcus Media operates as a Ransomware-as-a-Service (RaaS) operation, allowing other threat actors to use their malware. Their unique affiliate program requires new affiliates to be referred by existing ones. The group has targeted multiple sectors, including government, finance, healthcare, and education, with notable attacks on US telecom and London hospitals.
Potential Vulnerabilities
Thibabem's reliance on digital systems for operations and customer data makes it a prime target for ransomware. The disruption caused by such attacks can severely impact business continuity and lead to significant data loss.