Ransomware Group:  
Embargo



Sponsored by Hudson RockUse Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business


Sites | External Information | Tools | Ransom Note(s) | Activity | Worldmap | Victims (17)


Sites

Title Available Last Visit FQDN Screenshot
EMBARGO 🟢 2024-12-07 07:32:20.984529 embargobe3n5okxyzqphpmk3moinoap2snz5k6765mvtkk7hhi544jid.onion 📸

External information

Tools used

Discovery RMM Tools Defense Evasion Credential Theft OffSec Networking LOLBAS Exfiltration
s4killer (Minifilter Driver) BCDEdit
ServiceControl (sc.exe)

This information is provided by Ransomware-Tool-Matrix

Ransom Note(s)

Activity over time

Worldmap

17 Victims

US flag

backyarddiscovery.com 

Company logo
Ransomware Group:

Discovery Date: 2024-11-30 07:58
Estimated Attack Date: 2024-11-29

Backyard Discovery is built for families. From a child’s first playset to structures that guard the parents’ newest outdoor interests, our products are meant to play a role in families’ lives for years and years. You can find our dedicated team hard at work in our Pittsburg, KS headquarters and diligently focused at every one of our distribution centers. Each of our innovators and specialists is passionate about helping families enjoy wonderful moments right in their own backyards — and you can see that focus in our high-quality gazebos, pergolas, swing sets, playhouses, and backyard leisure products. - ~1TB of confidential data.

Victim:   |  Group: 
US flag

American Associated Pharmacies 

Company logo
Ransomware Group:

Discovery Date: 2024-11-13 00:34
Estimated Attack Date: 2024-11-12

Sector: Healthcare
American Associated Pharmacies (AAP) is a member-owned cooperative of over 2,000 independent pharmacies working together as a cohesive network. AAP in partnership with its subsidiaries, Associated Pharmacies, Inc. (API), Arete Pharmacy Network, and AllyScripts, provides the tools and resources needed for members to improve their bottom line and differentiate themselves from competitors. AAP members not only receive savings on brand prescriptions, generic prescriptions and OTC products through the API warehouse and their negotiated prime vendor agreement, but they also receive negotiated competitive managed-care contracts through the Arete Pharmacy Network. In addition to offering solutions such as API and Arete Pharmacy Network, AAP provides members access to a full-service specialty pharmacy, AllyScripts, that allows pharmacies to retain their patients and compete in the growing specialty segment without the costly investment. AAP is able to provide its members with the support and customized solutions they need to succeed in the marketplace. - It seems AAP does not care about their data. AAP has paid 1.3 million for decrypt and owe another 1.3 million for 1.469 TB of their data.

Victim:   |  Group: 
JO flag

wexfordcounty.org 

Company logo
Ransomware Group:

Discovery Date: 2024-11-05 21:51

Located in Northern Lower Michigan, Wexford County boasts a population of approximately 35,000, with a combination of an industrial/recreational demographic base. - 1 TB Data Network Admins: Joe Porterfield (jporterfield@wexfordcounty.org) Jami Bigger (jbigger@wexfordcounty.org) 231-779-9452 Passwords: ["August24!", "September24!", "October24!"] MSSP: Sophia Masotti-Jordan (sophia@karhucyber.com) 616-856-5678

Victim:   |  Group: 
GE flag

mh-m.org 

Company logo
Ransomware Group:

Discovery Date: 2024-11-05 16:48
Estimated Attack Date: 2024-11-04

Sector: Healthcare
Memorial Hospital and Manor celebrated its 50th Anniversary in 2010. Memorial Hospital was officially dedicated on Sunday, April 3, 1960, and opened its doors to receive patients the following day. The 80-bed hospital was built under the Hill-Burton Hospital Survey & Construction Act of 1946. The Hill-Burton Act initiated the concept of local, state, and federal cost sharing of healthcare facilities, and provided federal funds for construction and renovation of more than 9,000 medical facilities, particularly in lower income areas. While two-thirds of the money was provided by the Federal government and the State of Georgia, Memorial Hospital has always been operated by the Hospital Authority of the City of Bainbridge and Decatur County. Prior to the opening of Memorial Hospital, two private hospitals served the healthcare needs of Decatur and surrounding counties. In 1916, Riverside Hospital was built and operated by Dr. J. D. Chason, Dr. Gordon Chason, Dr. R. F. Wheat, and Dr. Willie Lee Wilkinson. Shortly after the Riverside Hospital was built, Dr. A.E.B. Alford came to Bainbridge and built the Bainbridge Hospital. The Flint River provided easy access to these hospitals for people in rural areas and nearby towns, making Bainbridge a healthcare center for the tri-state area. Memorial Hospital was given its name in memoriam to those pioneers who made Bainbridge the medical center of Southwest Georgia, Northern Florida, and Southeastern Alabama for many decades. - 1.15 TB Data

Victim:   |  Group: 
GE flag

Memorial Hospital & Manor 

Company logo
Ransomware Group:

Discovery Date: 2024-11-05 09:18
Estimated Attack Date: 2024-11-04

Sector: Healthcare
Memorial Hospital and Manor celebrated its 50th Anniversary in 2010. Memorial Hospital was officially dedicated on Sunday, April 3, 1960, and opened its doors to receive patients the following day. The 80-bed hospital was built under the Hill-Burton Hospital Survey & Construction Act of 1946. The Hill-Burton Act initiated the concept of local, state, and federal cost sharing of healthcare facilities, and provided federal funds for construction and renovation of more than 9,000 medical facilities, particularly in lower income areas. While two-thirds of the money was provided by the Federal government and the State of Georgia, Memorial Hospital has always been operated by the Hospital Authority of the City of Bainbridge and Decatur County. Prior to the opening of Memorial Hospital, two private hospitals served the healthcare needs of Decatur and surrounding counties. In 1916, Riverside Hospital was built and operated by Dr. J. D. Chason, Dr. Gordon Chason, Dr. R. F. Wheat, and Dr. Willie Lee Wilkinson. Shortly after the Riverside Hospital was built, Dr. A.E.B. Alford came to Bainbridge and built the Bainbridge Hospital. The Flint River provided easy access to these hospitals for people in rural areas and nearby towns, making Bainbridge a healthcare center for the tri-state area. Memorial Hospital was given its name in memoriam to those pioneers who made Bainbridge the medical center of Southwest Georgia, Northern Florida, and Southeastern Alabama for many decades. - 1.15 TB Data

Victim:   |  Group: 
US flag

weisermemorialhospital.org 

Company logo
Ransomware Group:

Discovery Date: 2024-09-30 01:34
Estimated Attack Date: 2024-09-04

Sector: Healthcare
Weiser Memorial Hospital is a full service not-for-profit community hospital that has been serving the healthcare needs of Washington County and surrounding areas since 1950. In recent years, the hospital has grown to include the Surgical and Specialty Clinic that provides access to numerous specialists, as well as Family Medical Center, a family practice clinic that provides access to local family physicians. - 200 GB Data Adam Hollman likes to waste time. Persons Responsible: Adam Hollman ( adam.hollman@arcticwolf.com +1-612-887-1547) David Allwein ( dallwein@weiserhospital.org +1-208-230-1092 ) Steven Hale ( shale@weiserhospital.org +1-808-282-6001 / +1-208-549-4450)

Victim:   |  Group: 
US flag

pioneerworldwide.com 

Company logo
Ransomware Group:

Discovery Date: 2024-07-26 15:17

Sector: Technology
Founded in 1917, Pioneer Balloon Company is the world's premier manufacturer of latex balloons, with a diversified range of products that includes Microfoil® balloons and Bubble Balloons. Additionally, Pioneer offers innovative product solutions to customers in the advertising, entertaining, decorating, and social expressions markets. Headquartered in Wichita, KS, USA, Pioneer has facilities in the United States, Canada, England, Australia, Mexico, and Brazil. - 1.65 TB

Victim:   |  Group: 
US flag

summervillepolice.com 

Company logo
Ransomware Group:

Discovery Date: 2024-07-26 14:42

The Summerville Police Department is committed to building relationships with community members while providing the highest level of service in shooting black children. - 1.71 TB

Victim:   |  Group: 
 flag

diligentusa.com 

Company logo
Ransomware Group:

Discovery Date: 2024-07-11 22:37

Diligent Delivery Systems provides transportation services for businesses within varying industries. Major clients include WorldPac and PharMerica. The company is currently facing tight liquidity and debt default due 23 million cash uses within the past 18 months. Management has been tasked with refinancing existing debt, sourcing a new investor, or selling the business. - Total leak size: 600+ GB For any clients and buyers who have interest in working with Diligent or investing/buying this company, we have invaluable data for you. All documents and the entire collection of emails since January 1 2024 for: - Larry Browne (CEO) - Darl Petty (CFO) - Carlos Navarro (COO) - Alan Geraldi (Legal Counsel) Additionally, we have database backups, documents belonging to clients (protected by NDA), and more. If you had doubts about the financial situation of this company, no need to doubt. We will be releasing the entire collection shortly. The company will try to deny that they have these financial difficulties and that they are trying to sell the company, but these emails and documents tell different story. Some contacts for you: Larry Browne lbrowne@diligentusa.com larrybrowne@gmail.com (713) 906-4385 (281) 854-1300 713-906-9253 713-906-4385 President Darl Petty dpetty@diligentusa.com 713-906-6167 281-854-1313 CFO Carlos Navarro cnavarro@diligentusa.com 713.205.8861 (713)275-2555 713-377-2799 COO Alan Geraldi ageraldi@diligentusa.com (281)948-2604 (832)300-3595 General Counsel (Legal) Lisa Musick lmusick@diligentusa.com (713)906-7317 (281)854-1301 Executive Assistant Scott Bruder sbruder@diligentusa.com (713)906-0070 (281)854-1317 VP of National Sales Automative Dawn Vesey dvesey@diligentusa.com 615.719.0481 HR Director Tim Barrett tbarrett@diligentusa.com 615-362-6799 629-335-3399 Director of Information Technologies Ed Saddler esaddler@diligentusa.com (346)988-7464 Information Technology Level 2 Support Ron Lewis rlewis@diligentusa.com (281)728-3174 (281)854-1355 IT Support Manager Jakob Akin jakin@diligentusa.com 6292438907 6292438907 Systems Administrator

Victim:   |  Group: 
FR flag

gerard-perrier.com 

Company logo
Ransomware Group:

Discovery Date: 2024-07-04 14:34

Gerard Perrier Industrie SA is a France-based company that provides electrical and electronic automation solutions to industry including design and manufacturing, installation and maintenance. The Company operates through its subsidiaries, including SAS Geral, which designs and manufactures electronic and electrical automation and control equipment; SAS Soteb, which installs and maintains different types of electrical and automation equipment, SAS Ardatem, which specializes in the nuclear energy sector and ensure technical assistance, among others. Gerard Perrier Industrie's customers include manufacturers of machinery, professional equipment and capital goods, and electrical departments of industrial production sites in the chemical, mechanical and food processing sectors, among others. The Company’s activities also include provision of energy-related services, installation, and maintenance services, and construction of electrical and electronic assemblies. - 1,4 T Data

Victim:   |  Group: 
GB flag

jla.com 

Company logo
Ransomware Group:

Discovery Date: 2024-06-29 23:19

JLA are the largest provider of critical equipment and rapid-response maintenance services to businesses in the UK. They operate a nationwide fleet of installers and engineers and tens of thousands of Laundry, Catering, HVAC, and fire safety assets in every corner of the UK. - 627.543 GiB all available soon Persons Responsible: Ben Gujral Chief Executive Officer bgujral@jla.com +441422761271 +447900900819 Robert Ackland Chief Technology Officer RAckland@jla.com rackland@jlaclean.com +447815469501 Jonathan Ling Legal & HR Director jling@jla.com jling@jlaclean.com +447790698739 +441422822282 Harry Pasvantis harry.pasvantis@ensono.com `This is the year of me 2037` https://ensono.okta.com/login/login.htm ----- 1 000 000 USD Bounty (valid until October 2024) - send us a picture of Ben Gujral's detached finger

Victim:   |  Group: 
US flag

dmedelivers.com 

Company logo
Ransomware Group:

Discovery Date: 2024-06-06 20:52

Sector: Healthcare
Marketing, Printing, Logistics - 1 TB+ databases, source code, client files

Victim:   |  Group: 
US flag

shamrocktradingcorp.com 

Company logo
Ransomware Group:

Discovery Date: 2024-05-21 22:15

Shamrock Trading Corporation is the parent company for a family of brands in transportation services, finance and technology. The company offers transportation logistics, discount programs, and international trade financing. -

Victim:   |  Group: 
DE flag

orga-soft.de 

Company logo
Ransomware Group:

Discovery Date: 2024-05-17 18:31

Sector: Technology
Software Development - SQL BASES AND SOURCES 650 GB, LINK WILL BE AVAILABLE SOON

Victim:   |  Group: 
US flag

rexmoore.com 

Company logo
Ransomware Group:

Discovery Date: 2024-05-08 22:35

Sector: Construction
Founded in 1922 and headquartered in Sacramento, California, Rex Moore is a family-owned and managed company, providing electrical and integrated systems engineering, manufacturing, construction and maintenance. The company performs both design/build and bid work for most electrical and low voltage projects. - DATA will be available soon. SQL Databases + big amount of Documents.

Victim:   |  Group: 
AU flag

firstmac.com.au 

Company logo
Ransomware Group:

Discovery Date: 2024-04-30 20:29

Firstmac Limited is an Australian owned company with experience in home and investment loans. They have a range of market insurance products backed by international company, Allianz Group. International ratings agency Standard & Poors gives Firstmac its highest possible ranking (strong) for loan serviceability abilities. - 500+ GB full databases, source codes, sensitive customer data

Victim:   |  Group: 
US flag

mulfordconstruction.com 

Company logo
Ransomware Group:

Discovery Date: 2024-04-21 16:41
Estimated Attack Date: 2024-04-17

Sector: Construction
Heavy Civil Contracting, Earthwork and Utilities - 2 TB data will be disclosed soon

Victim:   |  Group: