Millimages Hit by Cactus Ransomware, 147GB Data Compromised
Analysis of the Cactus Ransomware Attack on Millimages
Company Profile: Millimages
Millimages, a prominent independent animation studio based in Paris, France, with additional offices in London and Shenzhen, specializes in the development, production, and distribution of family-oriented entertainment content. Founded in 1991, the company has cultivated a significant digital presence, boasting over 75 intellectual properties and generating 10 million daily views across more than 100 digital networks. Millimages stands out in the media and internet sector for its extensive catalog of 1,500 hours of produced content and its strategic expansion into global markets, including recent licensing deals in Latin America and the UK.
Details of the Ransomware Attack
The Cactus ransomware group has targeted Millimages, leading to the exfiltration of 147GB of sensitive data. The stolen data includes personally identifiable information, corporate agreements, financial documents, and more. The attack has compromised the company's operational integrity and exposed a vast amount of confidential data, with only a fraction currently disclosed publicly.
Profile of the Cactus Ransomware Group
The Cactus group, identified as a ransomware-as-a-service (RaaS) entity, is notorious for its sophisticated attack methodologies, including the exploitation of the ZeroLogon vulnerability and advanced encryption tactics. This group's approach typically involves disabling security tools, using custom scripts, and executing the ransomware to evade detection and maintain persistence within the victim's network.
Potential Vulnerabilities and Attack Vectors
Millimages' significant digital footprint and extensive use of digital distribution channels may have increased its exposure to cyber threats like those posed by Cactus. The company's reliance on digital technologies and international connectivity could have provided multiple vectors for Cactus to exploit, particularly if there were unpatched vulnerabilities or insufficient endpoint protections.