Newcomer Arcus Media Ransomware Targets 3

By Bogdan Pătru . 30 June 2024

Tech Writer

Fact-Checked this

The Arcus Media hackers have announced 3 more victims on the 29^th. These are Freightliner of Grand Rapids & Kalamazoo from the US, Clima Lodi from Italy, and DatAnalitica from the Dominican Republic.

The hackers didn’t post any relevant information about the breaches aside from short summaries of those attacked
Neither of the victims has commented on the situation, which most likely indicates that the negotiations haven’t been finalized
Arcus Media first came public in May of the current year and has already produced 6 victims since its inception
The Arcus Media hackers appear to conduct targeted attacks rather than going for the typical spray-and-pray

Given the gang’s recent emergence, there is little-to-no information about its structure, members, preferred industry and target type, or any other aspect. While the group first reached the public sphere in May, they didn’t hit their first targets until June.

The first week of June saw Arcus Media producing no fewer than 6 victims. These come from different industries, mainly manufacturing, services, real estate, construction, and health. The hackers also appear to exfiltrate a lot of data.

X showing the ARCUS MEDIA attack on the 3 victims — https://x.com/FalconFeedsio/status/1807269248193974635

Currently, Arcus Media advertises itself as a RaaS (Ransomware-as-a-Service) service and has a TOR website where they post their leaks. The attack method typically revolves around phishing emails because it’s cost-effective and gets the job done.

Regarding the negotiations, there’s little information to be worth with. The hackers conduct the negotiations on their TOR platform but it’s unclear if they’ve had any successful ones. Some of their victims include:

Langescheid GbR
Franja IT Integradores de Tecnologia
Duque Saldarriaga
BHMAC
Botsello Mills Ltd.

What to do in Case of a Ransomware Attack?

Arcus Media is just another example that shows how prolific and active the ransomware sphere is. Ransomware actors have grown more competent and active over the past year, producing more victims than even before. And the trend doesn’t appear to slow down.

So, in the unfortunate case that you become a victim, what should you do? The answer is simple: move on. Don’t negotiate, don’t pay the ransom, don’t even contact the hackers. As cybersecurity experts explain, paying the ransom does nothing for you.

On the contrary, it has more negative than positive effects. Sure, you will get access to your system, but that’s not the only reason one pays the ransom. High-level targets with a lot of sensitive data are also interested in having the stolen data deleted.

That’s the main reason why they pay the hackers. Unfortunately, there’s no guarantee that the attackers will keep their word and delete the stolen data. In many situations, they prefer to either keep it to themselves, sell it, or share it with other cybercriminal gangs.

Plus, paying the ransom marks you as a vulnerable target. So, you’re more likely to be targeted again in the future.

The standard recommendation is to ignore any type of contact or communication with the hackers and look for other avenues to fix the problem. The hackers will most likely leak the data on the Dark Web, but that’s likely to happen whether you pay the ransom or not.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Author, Creative Writer, and Tech-Geek Bogdan has followed his passion for the digital world ever since he got his hands on his first PC. After years of accumulating knowledge and experience, the good Samaritan in him whispered to him one day about the virtue of sharing that knowledge with those who needed it. It was in 2014 when that idea would grow into a life-defining passion. One that keeps driving him to this day.

Cookie	Duration	Description
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	1 year	The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
_omappvp	1 year 1 month 4 days	The _omappvp cookie is set to distinguish new and returning users and is used in conjunction with _omappvs cookie.
_omappvs	20 minutes	The _omappvs cookie, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.

Newcomer Arcus Media Ransomware Targets 3

What to do in Case of a Ransomware Attack?

Our Mission

Bogdan Pătru

Leave a Comment Cancel