While a lot of ransomware groups target smaller companies with revenue in the tens of millions of dollars, some groups operate exclusively to get the big fish. One such group, which goes by the name of Cactus, recently hacked Bachoco, Mexico’s largest poultry producer, with revenues of over $4.4 billion.
Here’s what we’ve been able to gather about the hack.
The Attack Date, What Was Stolen, and Who’s Affected
Cactus’ website shows that the company was hacked just before the new year rolled around, on 30th December. That said, the ransomware group did not state a deadline for the ransom to be paid, which is quite concerning since the data could be leaked at any moment.
Details about Bachoco on Cactus’ website.
In terms of the data stolen, the group has access to pretty much every document that the company kept confidential. The published post included a download link to the proof of the hack, which contains personally identifiable information (PII) of employees, stakeholders, and customers, as well as non-disclosure agreements, financial records, and other confidential documents belonging to Bachoco.
This proof is only a tiny fraction of the total data stolen which, as shown above, is roughly 130 GB in size. The picture below shows the ID of one individual whose identity was leaked as part of the proof on Cactus’ website (personal information blacked out):
Considering that the group has access to information as sensitive as this, one can assume that all stakeholders of the Mexican giant are at risk. Looking at the employees alone, Bachoco has over 25,000 employees, each of whom is at serious risk of having their personally identifiable information leaked by the ransomware group.
Who Is Cactus?
Cactus is a recent actor among ransomware groups, having only been identified and noted in the first quarter of 2023. Despite being less than a year old in the space, the group has already become synonymous with the hacks of large, often multi-billion-dollar companies, bringing them to their knees.
Although the group seems new, it was likely formed by seasoned hackers who abandoned earlier notorious groups in favor of this new guise that is as elusive as can be.
While a lot of ransomware groups create their software to infect a system and encrypt all of the files it finds on them, Cactus’ ransomware acts in a sneaky way. It hides itself under layers of complexity to avoid detection. Its victims had likely been compromised for a considerable duration before realizing what had happened – until the files were ultimately encrypted and the ransom post published on their blog.
What’s Next for Ransomware?
Ransomware groups have been coming up with new and ever more creative ways of penetrating companies’ cybersecurity defenses. The most recent hacks are a clear indication of this, which means that these attacks are likely to only get more frequent.
With that in mind, it’s critical for you to maintain your security against these groups by making sure you have robust anti-malware software installed and updated, not clicking on suspicious links, and ensuring everyone in your firm understands the importance of cybersecurity protocols.
Only time will tell how Bachoco responds to the ransomware attack.