The logistics company OCASA suffered a ransomware cyber attack: the website is down

OCASA, a transportation and logistics company, suffered a cyber attack that took down the company’s website. Clarion confirmed that it was ransomware, a malicious program (malware) that enters systems, encrypts information and demands a ransom in cryptocurrency in exchange for restoring it.

OCASA is known for delivering credit cards, debit cards and documentation such as driver’s licenses by mail, as well as other types of parcels. For this reason, the cybercriminals could have in their possession personal data of Argentine citizens who have received shipments at their homes.

Its specialty is what is known as “last mile” distribution (the last stretch to the buyer’s home), in addition to the merchandise that passes through its two large distribution centers. It has plants located in La Plata, Sarandí and Avellaneda to handle the process known as “cross docking”.

“We reaffirm the ability to evolve, innovate and provide cutting-edge logistics solutions to our clients around the world, developing services aimed at positively impacting people’s lives, providing solutions, when and where they need it,” they explain from the company itself, highlighting among its specialties ecommerce, traceability and storage.

Clarion contacted the company for a comment and to inquire about the status of operations, but did not receive a response.

The impact of the attack is still unclear, as there has been no official communication, but this outlet learned that IT teams were working all week to recover the affected information. As of the time of publication of this note, the website was still down.

In addition, the attack impacted other companies in the group managed by OCASA, such as Direxa, a company that offers “tailored and exclusive solutions in comprehensive logistics services, import, export and merchandise transit operations.”

OCASA has other strategic partners such as Staples, which supplies bookstore items, and Brandlive, in charge of supplying retailers with brands such as Wrangler, Lee and Topper, among others.

Ransomware as a Service (RaaS): How Cybercriminals Operate

Black Cat Ransomware, one of the most well-known cybercriminal groups in the world. Photo Midjourney

Ransomware as a service (RaaS) is a type of attack that has become popular in recent years, generating a high impact on the cybersecurity environment. It works with a model of developers and affiliates: some write the source code that encrypts the data, while others are in charge of distributing it in exchange for a percentage.

The partner or affiliate may be an employee of the attacked company, or someone who purchased the service to deploy it against a victim because they have privileged access, in what is known as an IAB (Initial Access Broker): the attacker who puts “one foot” inside the company or institution to be attacked.

Once the ransomware is deployed and the victim is infected, the extortion itself begins. The model involves double and even triple extortion. The first stage has to do with making the data inaccessible to the entity itself. The second, if the victim has backups, involves threatening to publish the internal information to cause reputational damage. And in some cases there is a third step in which third parties working with the victim are contacted to put pressure on the supply chain.

If the attack is successful and the victim pays a ransom, the loot is divided between the cybercriminal group and the affiliate. The cut is usually around 20% of the economic benefit for cybercrime partners.

In Argentina, some cases resonated strongly in both the public and private spheres. In the private sphere, Ingenio Ledesma, Grupo Albanesi, La Segunda and OSDE, among other companies, suffered attacks that, in some cases, exposed not only internal information but also that of clients.

In the public sphere, PAMI suffered a cyberattack last year that led to an immense amount of leaked affiliate data, which poses a danger to a vulnerable population that is even more exposed to social engineering attacks (“the uncle’s story”). The University of Buenos Aires and the National Securities Commission also suffered attacks during 2023.

By Editor
