Arcus Media Ransomware Attack on Thibabem Atacadista

Incident Date: May 24, 2024

Attack Overview
VICTIM
Thibabem Atacadista
INDUSTRY
Retail
LOCATION
Brazil
ATTACKER
Arcus Media
FIRST REPORTED
May 24, 2024

Arcus Media Ransomware Attack on Thibabem Atacadista

Overview of Thibabem Atacadista

Thibabem Atacadista e Distribuidor, a Brazilian company, specializes in wholesale children's clothing and accessories. Their wide range includes clothing, shoes, and accessories for babies, toddlers, and children. The company, which employs approximately 32 people, stands out for its extensive collection and wholesale operations.

Details of the Ransomware Attack

In late May 2024, Thibabem Atacadista fell victim to a ransomware attack by Arcus Media. This incident is part of a series of attacks by the group, active since May 2024, targeting various sectors worldwide.

Arcus Media uses phishing emails with malicious attachments to gain initial access. They deploy custom ransomware binaries and obfuscated scripts to execute the payload, create scheduled tasks for persistence, and use tools like Mimikatz for privilege escalation. Their methods include both direct and double extortion.

About Arcus Media

Arcus Media operates as a Ransomware-as-a-Service (RaaS), allowing other threat actors to use their malware. Their unique affiliate program requires new affiliates to be referred by existing ones. The group has targeted multiple sectors, including government, finance, healthcare, and education, with notable attacks on US telecom and London hospitals.

Potential Vulnerabilities

Thibabem's reliance on digital systems for operations and customer data makes it a prime target for ransomware. The disruption caused by such attacks can severely impact business continuity and lead to significant data loss.

Sources

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

1
2
3
Let's get started
1
1
2
3
1
1
2
2
3
Back
Next
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.