Cactus Ransomware Hits Garment Giant Ghim Li Globa
Despite attempts to verify the Ghim Li Global cyberattack, no official response has been received from the company, leaving the claim unverified.
Samiksha Jain April 24, 2024 Firewall Daily, Ransomware News Reading Time: 4 mins read 0
592 3.3k Share on LinkedInShare on Twitter
Cactus ransomware has added Ghim Li Global Pte Ltd to its victim list, sparking concerns over data security and the vulnerability of businesses to cyberattacks.
Ghim Li Global is a prominent Singapore-based company specializing in garment manufacturing and distribution across the Asia-Pacific region.
While the extent of the Ghim Li Global cyberattack and the compromise of data remain undisclosed by the ransomware group, the potential implications of such an attack could be profound.
Claim of Ghim Li Global Cyberattack
The ransomware group's claim has raised skepticism, especially as Ghim Li Global's official website appears to be fully functional, casting doubts on the authenticity of the claim. Despite attempts to verify the Ghim Li Global cyberattack, no official response has been received from the company, leaving the claim unverified.
Source: X
Emergence of Cactus Ransomware
Cactus ransomware has been a growing threat since March 2023, targeting commercial entities with considerable success. In a study conducted by the SANS Institute on the growth of ransomware, Cactus was identified as one of the fastest-growing threat actors of the year.
Notably, 17% of all ransomware attacks in 2023 were attributed to new groups that did not exist in 2022, with Cactus ranking among the top five threats in this new group of threat actors.
The name “Cactus” originates from the filename of the ransom note, “cAcTuS.readme.txt”, with encrypted files being renamed with the extension.CTSx, where ‘x' is a single-digit number that varies between attacks.
Previous Cyberattacks Claims
Prior to targeting Ghim Li Global, Cactus ransomware made headlines in March 2024 for its cyberattack on Petersen Health Care. The attack compromised the company's digital infrastructure and led to the exposure of sensitive information.
Petersen Health Care, a prominent Illinois-based company operating a network of nursing homes across the United States, was forced to file for bankruptcy under Chapter 11 protection in a Delaware court, burdened by a staggering $295 million in debt.
Among this debt was a significant $45 million owed under healthcare facility loans insured by the U.S. Department of Housing and Urban Development.
In February, Schneider Electric's Sustainability Business Division fell victim to a data breach, raising alarms about the security of sensitive information within the company's ecosystem. While details of the breach remain murky, the the ransomware group claimed responsibility, asserting that 1.5 TB of personal documents, confidential agreements, and non-disclosure agreements were among the information stolen.
Before these incidents, in December, Cactus ransomware targeted Coop, a major supermarket chain in Sweden. Despite claiming responsibility for the attack, the group did not disclose the extent of the data accessed or the ransom amount demanded. Subsequently, in January 2024, Coop confirmed facing a severe cyberattack that rendered its payment checkouts useless, plunging the supermarket giant into chaos.
With the alleged cyberattack on Ghim Li Global Pte Ltd, the ransomware group continues to pose a significant threat to organizations worldwide. The incident highlights the urgent need for businesses to strengthen their cybersecurity measures and remain vigilant against evolving cyber threats.
