Ghim Li Global Pte Ltd, a prominent Singapore-based company specializing in garment manufacturing and distribution across the Asia-Pacific region, has refuted claims made by the Cactus ransomware group alleging that Ghim Li Global was added to its victim list.
The company’s official spokesperson clarified to The Cyber Express that there has been no ransomware attack on the organization, nor any threats received.
“To clarify, our organization has not been attacked by any form of ransomware, nor have we received any threats of this nature from any parties. Our latest assessments confirm that there has been no evidence of attackers or data leaks originating from our internal systems or network,” told the official spokesperson to The Cyber Express.
Claim of Ghim Li Global Cyberattack
The assertion by Cactus ransomware that Ghim Li Global Pte Ltd was added to its victim list raised concerns over data security and the vulnerability of businesses to cyberattacks. The claim prompted questions about the motives behind such announcements and whether they are merely tactics to gain attention or if there is a deeper agenda at play.
However, with the official statement from Ghim Li Global, it is now clear that no such attack has occurred on the organization. The refutation provides reassurance to stakeholders and customers regarding the security of Ghim Li Global’s systems and data.
Emergence of Cactus Ransomware
Cactus ransomware has been a growing threat since March 2023, targeting commercial entities with considerable success. In a study conducted by the SANS Institute on the growth of ransomware, Cactus was identified as one of the fastest-growing threat actors of the year.
Notably, 17% of all ransomware attacks in 2023 were attributed to new groups that did not exist in 2022, with Cactus ranking among the top five threats in this new group of threat actors.
The name “Cactus” originates from the filename of the ransom note, “cAcTuS.readme.txt”, with encrypted files being renamed with the extension.CTSx, where ‘x’ is a single-digit number that varies between attacks.
Previous Cyberattacks Claims
Prior to allegedly targeting Ghim Li Global, Cactus ransomware made headlines in March 2024 for its cyberattack on Petersen Health Care. The attack compromised the company’s digital infrastructure and led to the exposure of sensitive information.
Petersen Health Care, a prominent Illinois-based company operating a network of nursing homes across the United States, was forced to file for bankruptcy under Chapter 11 protection in a Delaware court, burdened by a staggering $295 million in debt.
Among this debt was a significant $45 million owed under healthcare facility loans insured by the U.S. Department of Housing and Urban Development.
In February, Schneider Electric’s Sustainability Business Division fell victim to a data breach, raising alarms about the security of sensitive information within the company’s ecosystem. While details of the breach remain murky, the ransomware group claimed responsibility, asserting that 1.5 TB of personal documents, confidential agreements, and non-disclosure agreements were among the information stolen.
Before these incidents, in December, Cactus ransomware targeted Coop, a major supermarket chain in Sweden. Despite claiming responsibility for the attack, the group did not disclose the extent of the data accessed or the ransom amount demanded. Subsequently, in January 2024, Coop confirmed facing a severe cyberattack that rendered its payment checkouts useless, plunging the supermarket giant into chaos.
In conclusion, Ghim Li Global’s denial of the ransomware claim provides clarity and reassurance regarding the organization’s cybersecurity posture. The incident highlights the urgent need for businesses to strengthen their cybersecurity measures and remain vigilant against evolving cyber threats.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
