Millimages Hit by Cactus Ransomware, 147GB Data Compromised

Incident Date: Jun 23, 2024

Attack Overview

Victim: Millimages
Industry: Media & Internet
Location: France
Attacker: Cactus
First Reported: June 23, 2024

Analysis of the Cactus Ransomware Attack on Millimages

Company Profile: Millimages

Millimages, a prominent independent animation studio based in Paris, France, with additional offices in London and Shenzhen, specializes in the development, production, and distribution of family-oriented entertainment content. Founded in 1991, the company has cultivated a significant digital presence, boasting over 75 intellectual properties and generating 10 million daily views across more than 100 digital networks. Millimages stands out in the media and internet sector for its extensive catalog of 1,500 hours of produced content and its strategic expansion into global markets, including recent licensing deals in Latin America and the UK.

Details of the Ransomware Attack

The Cactus ransomware group has targeted Millimages, leading to the exfiltration of 147GB of sensitive data. The stolen data includes personally identifiable information, corporate agreements, financial documents, and more. The attack has compromised the company's operational integrity and exposed a vast amount of confidential data, with only a fraction currently disclosed publicly.

Profile of the Cactus Ransomware Group

The Cactus group, identified as a ransomware-as-a-service (RaaS) entity, is notorious for its sophisticated attack methodologies, including the exploitation of the ZeroLogon vulnerability and advanced encryption tactics. This group's approach typically involves disabling security tools, using custom scripts, and executing the ransomware to evade detection and maintain persistence within the victim's network.

Potential Vulnerabilities and Attack Vectors

Millimages' significant digital footprint and extensive use of digital distribution channels may have increased its exposure to cyber threats like those posed by Cactus. The company's reliance on digital technologies and international connectivity could have provided multiple vectors for Cactus to exploit, particularly if there were unpatched vulnerabilities or insufficient endpoint protections.
