Construction Firm Agate Inc. Hit by Ransomware Attack

Incident Date:

April 12, 2024

World map

Overview

Title

Construction Firm Agate Inc. Hit by Ransomware Attack

Victim

Agate Inc.

Attacker

Play

Location

Egg Harbor Township, USA

New Jersey, USA

First Reported

April 12, 2024

Ransomware Attack on Agate Inc. by Play Ransomware Group

Company Profile

Established in 1973, Agate Construction Company, also known as Agate Inc., operates as a construction firm in Arizona, United States. With a focus on delivering innovative solutions to challenging construction projects, it provides general construction, steel fabrication, and pre-engineered metal buildings for industrial and commercial markets. Its services encompass general contracting, construction management at risk, budget development, conceptual estimating, design build, logistics development, and Building Information Modeling (BIM). Agate Construction Company, headquartered in Scottsdale, Arizona, employs a team of 112 individuals and operates with a total funding amount of less than $5 million.

Industry Standing

Agate Inc. has maintained a prominent presence in the construction industry, offering a wide range of services, including steel fabrication and pre-engineered metal buildings. Setting itself apart from competitors, the company is recognized for its focus on innovation and its ability to tackle challenging projects.

Vulnerabilities

Targeting Agate Inc., threat actors like the Play Ransomware group exploited vulnerabilities such as exposed RDP servers and known weaknesses like FortiOS and Microsoft Exchange. These vulnerabilities provided initial access to the company's systems, facilitating ransomware attacks and the exfiltration of sensitive data. The ransomware group Play has announced to have extracted private and personal confidential data, client documents, budgets, payroll information, accounting records, contracts, tax documents, IDs, and financial information in this attack to the company.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.