Intelligence Summary: RAN-024
Vector: Ransomware / Malicious Macro | Victim: Light Manufacturing Firm
This reconnaissance summary, adapted from partnership intelligence with Pax8, details a calculated ransomware attack that used internal financial data as leverage during the ransom negotiation.
A financial department employee received an email with a standard-looking invoice. When the employee opened the document, a prompt appeared stating that "Macros must be enabled to view secure content." Unaware of the security implications, the employee clicked "Enable," which executed a background script that granted the attackers full administrative access to the network.
The attackers did not encrypt the files immediately. They spent days moving laterally through the network until they located the company’s Profit and Loss (P&L) statements and bank balance records. They now knew exactly how much cash the company had on hand and what its insurance coverage limits were.
When the ransomware was finally triggered, the company’s backups were found to have been deleted as well. When the business owner attempted to negotiate the $750,000 demand, the attackers sent back a screenshot of the firm's own balance sheet with a chilling message:
With no backups and operations completely dark for a week, the firm was forced to pay the full amount. The total loss exceeded £1m when including the ransom, recovery costs, and lost production time.