Garon Products Inc. has found itself at the mercy of cyber criminals, falling victim to the latest ThreeAM ransomware attack. The cyberattack on Garon Products was revealed when it surfaced on the dark web portal operated by the threat actors, causing uncertainty about the company’s operations.
Garon Products, Inc., a well-established U.S. manufacturer known for its high-quality concrete repair and preservation solutions, has been in operation since 1960. The company prides itself on offering a diverse range of products that utilize advanced technologies such as hydraulic cement, epoxy, urethane, polyaspartic, and acrylic copolymers.
The cyberattack on Garon Products has drawn significant attention, and various sources have attempted to gather information about the incident. Despite several attempts to reach out to the organization, no official statement or response has been provided, leaving the claims surrounding the cyberattack unverified.
Furthermore, the company’s website appears to be operational without immediate signs of a cyberattack. In cases like this, ransomware groups typically target the database or the backend of the website instead of launching an overt attack such as a defacement or a Distributed Denial of Service (DDoS) attack.
The ThreeAM ransomware group, responsible for the cyberattack on Garon Products, seeks financial gain through illicit means and presents a significant threat to small and medium enterprises (SMEs). The group operates by encrypting victims’ data and demanding ransom payments for its release, underscoring the ever-looming danger to global organizations.
Security analysts at Intrinsic recently decoded the workings of ThreeAM ransomware, revealing its active campaigns targeting SMEs. Although ThreeAM appears less refined than more sophisticated ransomware groups, its impact can be significant; the group leverages X/Twitter bots and the Rust language for its operations.
The timeline of ThreeAM’s activities reveals a pattern of calculated strikes aimed at a dozen US businesses between September 13 and October 26, 2023. SMEs, with their limited resources, find themselves particularly vulnerable to such assaults. Symantec’s report linking ThreeAM ransomware to the ex-Conti-Ryuk-TrickBot nexus further highlights the complexity of these ransomware groups.
The infrastructure of ThreeAM’s operations, with domains masquerading as US entities and hosting servers bearing a common Apache banner, provides insight into the group’s malicious activities. It is important to note that this report is based on internal and external research obtained through various means, and users are responsible for their reliance on it.
The cyberattack on Garon Products serves as a stark reminder of the constant threat posed by cybercriminals and the need for robust cybersecurity measures, especially for SMEs. As the investigation into the incident continues, it is essential for organizations to remain vigilant and take proactive steps to safeguard their digital assets.