Ransomware Attack Hits Gino Giglio Generation by ArcusMedia
Ransomware Attack on Gino Giglio Generation S.p.A. by ArcusMedia
Gino Giglio Generation S.p.A. (GGG S.p.A.), a leading Italian company specializing in the wholesale distribution of office supplies, has become the latest victim of a ransomware attack by the notorious group ArcusMedia. The attack was publicly disclosed on September 16, 2024, via ArcusMedia's dark web leak site.
Company Profile
Established in 2004 and headquartered in Naples, Italy, Gino Giglio Generation S.p.A. operates primarily in the wholesale market, supplying a wide range of office supplies to retailers and educational institutions. The company boasts an extensive product catalog featuring over 15,000 items, including various types of paper, art supplies, writing instruments, and other stationery essentials. GGG S.p.A. is known for its rapid delivery services and strong customer support, which have contributed to its annual turnover of approximately €11 million.
Attack Overview
The ransomware attack on Gino Giglio Generation S.p.A. was discovered on September 16, 2024. ArcusMedia, a ransomware group that has quickly gained notoriety since its emergence in May 2024, claimed responsibility for the attack. The extent of the data leak remains unknown, but the group has threatened to release sensitive information if their demands are not met.
ArcusMedia: A Rising Threat
ArcusMedia operates under a Ransomware-as-a-Service (RaaS) model, allowing other cybercriminals to utilize their ransomware tools. The group has targeted various sectors, including manufacturing, healthcare, and entertainment. Their attack methods typically involve phishing emails to gain initial access, followed by data exfiltration and system encryption as part of their double extortion strategy. ArcusMedia uses custom-built ransomware binaries that are often obfuscated to evade detection.
Vulnerabilities and Penetration
Gino Giglio Generation S.p.A.'s reliance on digital systems for inventory management, order processing, and customer support may have made it vulnerable to cyberattacks. The company's extensive online presence, including its e-commerce website, could have provided multiple entry points for threat actors. Phishing emails, a common tactic used by ArcusMedia, may have been the initial vector for the attack, allowing the group to infiltrate the company's systems and exfiltrate sensitive data before deploying ransomware.
Sources
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!