In April, Alpha Manufacturing fell victim to a high-severity ransomware attack attributed to the Qilin group. The intruders gained access to the corporate network through a vulnerable remote desktop gateway, deploying a custom-built Qilin payload that rapidly encrypted production databases and internal file shares. Backup systems were also compromised, rendering restoration efforts ineffective. Within hours, operations ground to a halt as assembly line controls, inventory management platforms, and customer order processing systems were locked behind an encryption wall. The attackers demanded a multimillion-dollar ransom in cryptocurrency and threatened to publish sensitive customer data, including names, addresses, payment details, and proprietary design blueprints, if their demands were not met within 72 hours. Efforts by the incident response team and external forensics specialists uncovered evidence of exfiltration of personal data belonging to over 50,000 customers. Although negotiations were initiated, the company opted to rebuild affected systems from isolated backups to avoid paying the ransom. The disruption lasted ten days, resulting in lost revenue, delayed shipments, regulatory scrutiny, and reputational damage. Post-incident analysis revealed gaps in network segmentation and outdated endpoint protection, prompting a comprehensive cybersecurity overhaul.
Source: https://www.scworld.com/brief/babuk-ransomware-deployed-via-bring-your-own-installer-edr-evasion
{
  "id": "alp850050725",
  "linkid": "alpha-manufacturing-&-design-llc",
  "type": "Ransomware",
  "date": "5/2025",
  "severity": "100",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}