Ransomware Attack on Grupo SASMET by Arcus Media

Incident Date: May 24, 2024

Attack Overview
Victim: Grupo SASMET
Industry: Manufacturing
Location: Brazil
Attacker: Arcus Media
First reported: May 24, 2024

Victim Overview

Grupo SASMET, a Brazilian company operating in the manufacturing sector, was targeted by the Arcus Media ransomware group in May 2024. The company specializes in the production and distribution of metal products, such as steel pipes, fittings, and valves. Grupo SASMET also offers services related to metalworking and industrial maintenance. The company employs between 51 and 200 people and is registered under the name Saúde Ocupacional.

Arcus Media Ransomware Group

The Arcus Media ransomware group is a relatively new threat actor that has been active since May 2024. The group distinguishes itself by using direct and double extortion, phishing emails for initial access, custom ransomware binaries, and obfuscation techniques to evade detection.

Attack Details

Grupo SASMET was one of the 11 victims targeted by Arcus Media in a series of attacks. The ransomware group utilizes tactics such as phishing emails with malicious attachments, obfuscated scripts for payload execution, and privilege escalation using tools like Mimikatz. Grupo SASMET's vulnerabilities may have included weak email security measures, lack of robust endpoint protection, and insufficient network segmentation.

How the Attack Occurred

Arcus Media likely gained access to Grupo SASMET's systems through a phishing email that contained a malicious attachment or link. Once inside the network, the group deployed its custom ransomware and used obfuscation techniques to evade detection. The attackers may have exploited vulnerabilities in the company's security infrastructure to establish persistence and escalate privileges.
