Garon Products Cyberattack: ThreeAM Ransomware Strike Again


Garon Products Inc. finds itself ensnared in the web of cybercrime as it becomes the latest target of the ThreeAM ransomware attack. The Garon Products cyberattack was brought to light when it appeared on the dark web portal operated by the threat actors, casting uncertainty over its operations.

Garon Products, Inc. is a reputable U.S. manufacturer specializing in high-quality concrete repair and preservation solutions since 1960. The organization offers a diverse range of products utilizing advanced technologies such as hydraulic cement, epoxy, urethane, polyaspartic, and acrylic copolymers.

The Garon Products Cyberattack

To learn more about this alleged cyberattack on Garon Products, The Cyber Express reached out to the organization.

However, as of the time of this writing, no official statement or response has been received from the organization, leaving the claims surrounding the cyberattack on Garon Products hanging unverified at this point.

Moreover, the website for Garon Products seems to be operational at the moment and doesn’t show any immediate signs of a cyberattack.

In cases like this, ransomware groups usually target the database or the backend of the website instead of launching an offensive attack like defacements or Distributed Denial of Service (DDoS) attack.

Understanding the ThreeAM Ransomware Group 

The Garon Products cyberattack by the ThreeAM ransomware group highlights the persistent threat posed to small and medium enterprises (SMEs) by cybercriminals seeking financial gain through illicit means.

Operating on the modus operandi of encrypting victims’ data and subsequently demanding ransom payments for its release, ThreeAM exemplifies the ever-looming danger to global organizations. 

Security analysts at Intrinsic recently decoded the workings of ThreeAM ransomware, shedding light on its active campaigns targeting SMEs. Unlike its more sophisticated counterparts, ThreeAM may seem less refined, yet its impact can be significant.

Leveraging X/Twitter bots and Rust language for its operations, ThreeAM emerges as a new entrant in the malware domain, poised to target unsuspecting victims.

Modus Operandi of ThreeAM Ransomware Group 

The timeline of ThreeAM’s activities reveals a pattern of calculated strikes aimed at a dozen US businesses between September 13 and October 26, 2023. SMEs, characterized by their limited resources, find themselves particularly vulnerable to such assaults. 

Symantec’s report linking ThreeAM ransomware to the ex-Conti-Ryuk-TrickBot nexus further highlights the complexity of these ransomware groups. Employing Rust-based technology, ThreeAM represents a fallback option for failed LockBit deployments.

ThreeAM’s operations come into focus upon closer examination of its infrastructure. Domains masquerading as US entities and hosting servers bearing a common Apache banner serve as the backdrop for the group’s malicious activities. 

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.





Source link