Notorious ransomware group BlackCat Ransomware (ALPHV) has allegedly orchestrated a ransomware attack on Orion Co., Ltd., a prominent South Korea-based food and beverage company. Taking responsibility for the ransomware attack on Orion, BlackCat Ransomware (ALPHV) group provided sample screenshots as evidence.
The group has claimed that the ransomware attack resulted in the theft of over one terabyte of sensitive data, including confidential documents about Korean and Chinese employees, non-disclosure agreements, and other highly sensitive information.
A post on BlackCat Ransomware (ALPHV) ransomware group’s leak site claimed to have successfully launched a ransomware attack on Orion.
“Orion Corporation is a South Korean confectionery company headquartered in Munbae-dong, Yongsan District, Seoul. The company is one of the three largest food companies in South Korea.”
“Our team has more than 1TB of this company’s data. Including documents of Korean and Chinese industry employees. There are also many non-disclosure agreements”, reads the post by the threat actor.
The Cyber Express team contacted the company to confirm the ransomware attack on Orion and alerted KN-CERT (Korea National Computer Emergency Response Team). However, at the time of writing, no official response was received.
Ransomware attack on Orion
Orion Co., Ltd., a well-established organization in the food and beverage industry, has allegedly fallen victim to a sophisticated cyber assault.
The ransomware attack on Orion, if confirmed, puts the details of a large chain of vendors across Asia in risk.
AlphaVM, known for its involvement in various cyber criminal activities, has once again demonstrated its ability to infiltrate organizations and carry out precise attacks.
BlackCat Ransomware (ALPHV) is a ransomware-as-a-service (RaaS) entity and has been reported to be using modern manipulation of critical system files and settings to attack its victims.
Operational since November, BlackCat Ransomware (ALPHV) has swiftly risen to popularity in the underground markets and has been reported to have launched 336 cyber attacks globally, as per a report by DailyHostNews.
The threat actor also caught the attention of international security defense systems when its campaign reached up to 10-20 cyber attacks a month in February 2023.
By breaching the security defenses of Orion, AlphaVM has exposed alleged vulnerabilities within the company’s digital infrastructure, underscoring the urgent need for robust cybersecurity measures.
The ransomware attack on Orion and the theft of over one terabyte of data pose a severe risk to the affected organization and its stakeholders.
The compromised documents, encompassing employee records, non-disclosure agreements, and other confidential information, have the potential for malicious exploitation or sale on the dark web, resulting in dire consequences for individuals and the company itself.
Ransomware attack on Orion and the rise of hackers targeting APAC
In response to this alarming incident, companies and organizations throughout South Korea and the wider APAC region are strongly advised to review and bolster their cybersecurity protocols.
According to an IBM Security X-Force Threat Intelligence Index 2023, in a recurring trend, the cybersecurity landscape of the Asia Pacific (APAC) region experienced a further decline for the second consecutive year, surpassing all other regions.
Remarkably, APAC continued to bear the unfortunate distinction of being the prime target for cyberattacks in 2022, responsible for a significant 31% of global incidents that were successfully resolved.
South Korea alone faces phishing scams that have resulted in damages of over 1.76 trillion won ($1.24 billion) over the last five years, says Korea Herald.
In this regard, the Korean government has been bolstering its cybersecurity framework by implementing a series of pioneering measures, including introducing new laws and regulations to fortify digital defenses.
According to Mordor Intelligence, South Korea anticipates an impressive trajectory as revenue demonstrates an astounding compound annual growth rate (CAGR) of 16.55% from 2022 to 2027.
This remarkable growth can be attributed to the burgeoning utilization of internet-connected devices and the surging prevalence of mobile devices, establishing South Korea as an enticing prospect for cyberattacks.
The ransomware attack on Orion Co., Ltd. underscores the mounting challenges organizations face in today’s digital era. It serves as a resounding call to action, urging businesses to remain vigilant and take immediate measures to safeguard their invaluable assets from the persistent and ever-evolving cyber threats lurking in the shadows.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
