Quick Summary
Alleged
Executive Summary
City Lumber Company, an organization based in the United States, was targeted by the Settra ransomware group, with the incident reported on June 30, 2026. SOCRadar identified this listing through its Dark Web Monitoring service. Settra has been actively targeting organizations, with a focus on US-based commercial entities, particularly within the business services, technology, and consumer services sectors.
Technical Analysis
SOCRadar’s analysis of stealer logs indicated a potential initial access vector for City Lumber Company through exposed credentials associated with the clc-tn.com domain. Eleven records were found linking corporate @clc-tn.com usernames to third-party services, indicating workstation compromise. Notably, credentials for an Epicor ERP login and a corporate procurement/B2B portal were exposed, suggesting access to business-critical systems. The exposure window ranged from August 2025 to June 2026, consistent with ongoing compromises or unrotated credentials. The modus operandi of ransomware groups like Settra involves leveraging credentials from stealer logs to gain entry into victim networks, often through VPN or remote access portals, before deploying ransomware. Recommended actions include resetting affected accounts, forensically examining endpoints, auditing access logs, and expanding threat hunting within identity systems.