Ransomware Attack on Escriba Informática by ThreeAM

Incident Date: May 16, 2024

Attack Overview
VICTIM
Escriba Informatica
INDUSTRY
Business Services
LOCATION
Brazil
ATTACKER
3am
FIRST REPORTED
May 16, 2024

Ransomware Attack on Escriba Informática by ThreeAM

Victim Overview

Escriba Informática, a Brazilian company specializing in software development for extrajudicial registries, notary offices, and registration offices, was targeted in a ransomware attack by the cybercrime group ThreeAM. The company has over 20 years of experience in the sector and is known for its ability to adapt to changes in legislation and meet the specific needs of its clients.

Company Profile

Escriba Informática is recognized for its speed in solving problems, understanding of the daily demands of notary offices, and implementation of solutions that cater to the specific needs of its clients. The company is also known for its ethics, transparency, and personalized service. They stand out in the industry for their ability to adapt to legislative changes, provide tailored solutions, and offer exceptional customer service. The company's expertise in software development for registries and offices sets it apart from competitors.

Company Vulnerabilities

As a company specializing in software development for sensitive sectors such as notary offices and registries, Escriba Informática may be targeted by threat actors due to the valuable data it handles. The company's reliance on digital systems and online services also makes it susceptible to cyberattacks.

Attack Details

The cybercrime group ThreeAM utilized ransomware to target Escriba Informática, compromising the company's website. The attack highlights the importance of robust cybersecurity measures for organizations operating in the digital space.

Ransomware Group ThreeAM

ThreeAM is a newly discovered threat actor that emerged in September 2023. The group's ransomware, written in the Rust programming language, exhibits notable features such as selective encryption, service termination, and VSS deletion. ThreeAM may have ties to the LockBit ransomware group, indicating a potential connection to established threat actors in the cyber landscape.

Sources:

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

1
2
3
Let's get started
1
1
2
3
1
1
2
2
3
Back
Next
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.