Arch-Con Corporation: Battling the Black Basta Ransomware Group
Incident Date:
April 9, 2024
Overview
Title
Arch-Con Corporation: Battling the Black Basta Ransomware Group
Victim
Arch-Con Corporation
Attacker
Blackbasta
Location
First Reported
April 9, 2024
Arch-Con Corporation Targeted by Black Basta Ransomware Group
Company Profile
Founded in 2000, a national commercial general contractor, Arch-Con Corporation has become the focus of a ransomware attack by the group Black Basta. Operating from offices in Houston, Dallas, Austin, and Denver, it specializes in commercial design and construction services.
Company Size and Industry Standing
With an extensive portfolio, Arch-Con Corporation has completed 478 projects in the past year. Renowned for its expertise in constructing office buildings, industrial projects, healthcare facilities, and branded hotels, it also excels in multifamily projects, totaling over $1.2 billion and 7,000 units through its Community Division.
Ransomware Attack
The company fell victim to a ransomware attack by the cybercrime group Black Basta. The attackers encrypted vital data, including accounting records, administrative documents, departmental data, and personal user information, amounting to approximately 2 terabytes. Some of this sensitive data has been leaked online.
Vulnerabilities and Targeting
Given its prominence in the construction sector, Arch-Con Corporation's size and reputation make it an enticing target for groups like Black Basta. With a vast network of clients, partners, and projects, there are numerous avenues for cybercriminals to exploit vulnerabilities and execute ransomware attacks.
Black Basta, known for its sophisticated tactics and double extortion strategy, poses a significant threat to organizations like Arch-Con Corporation. By encrypting critical data and threatening to expose sensitive information, the ransomware group aims to extort substantial sums from its victims.
Arch-Con Corporation's use of platforms like Levelset for preliminary notices and lien waivers could potentially expose them to cyber threats if these systems are compromised. Moreover, its payment practices, project scope, and industry connections may render it susceptible to targeted attacks by ransomware operators like Black Basta.
Sources:
Levelset - Arch-Con Corporation Profile
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.