Fortune 500 Company Among the Latest Victims of the Cactus Ransomware Group

Fortune 500 Company Among the Latest Victims of the Cactus Ransomware Group
We may receive commissions for purchases made through links on our website. We appreciate your support.

The Cactus Ransomware Group has been infamous for hacking high profile companies, with several multi-billion-dollar businesses on the list of their victims, but the latest is a particularly notable case.

Asbury Automotive Group, with revenues of over $15.4 billion, has been hacked by the ransomware group and has had its data published on Cactus’ PR website. With thousands of individuals’ information at risk, here’s what we know about the attack so far.

About Asbury Automotive

As a Fortune 500 company, the firm certainly has a lot to lose should it choose to ignore the ransomware attack. The company has more than 14,000 employees and focuses on providing automotive retail services throughout the United States, with subsidiaries in Atlanta and more.

At the time of this report, TechLapse has contacted Asbury Automotive Group and is awaiting responses.

When They Attacked, What They Stole, and Who It Affects

The news of the ransomware attack was discovered directly on Cactus’ PR website in the form of a blog post on January 12, 2024. According to the ransomware group, the stolen data is 62 GB in size and so far, less than one percent of it has been disclosed to the public as proof.

Asbury Automotive Group’s details on Cactus’ site.

As for the information stolen, Cactus has published numerous different forms of confidential documents online. These include passports, driver’s licenses, IDs, private financial data, employee information, and more.

Combined with the stated size of the breach at more than 60GB, we can assume that the majority of stakeholders of the firm are at risk of having their personally identifiable information published on the web.

In the case of Asbury Automotive Group, this means that more than 14,000 individuals are among the affected victims. The picture below shows one of the driver’s licenses posted as proof on Cactus’ website, with personally identifiable information blacked out of course:

Driver license of an Asbury Automotive Group employee published on Cactus’ site.

Who Is Cactus?

The Cactus ransomware group is a ransomware-as-a-service (RaaS) group that has been active since at least March 2023. The group is known for its sophisticated tactics and has quickly gained notoriety in the dark web space.

Cactus is a relatively new ransomware that is less than a year old but appears to be run by skilled, experienced hackers that were likely part of different groups prior to it.

The ransomware has built-in anti-virus detection techniques, and the group appears to be skilled in avoiding detection during the reconnaissance stage. Cactus has targeted many high-profile targets, with 88 victims as of January 2024 reported by Darkfeed. Previous high-profile victims of the group include Coop, a multi-billion-dollar retail company in Sweden.

What’s Next for Cybersecurity?

Understanding the way these ransomware groups exploit the vulnerabilities of even high-profile companies is of crucial importance for individuals in cybersecurity. By identifying and rectifying any gaps in their cybersecurity, especially the ones that are most often used as a penetration point by hackers, firms can make sure that their systems are as secure as possible from these attacks.

Precautions such as this, combined with cybersecurity best practices, is the only reliable way for businesses to stay safe from being a victim of a ransomware attack nowadays.