blackbasta attacks Willemen Group

Incident Date:

October 5, 2022

World map



blackbasta attacks Willemen Group


Willemen Group




, Netherlands

Willemstad, Netherlands

First Reported

October 5, 2022

Willemen Group Suffers Ransomware Attack

Company Overview

Willemen Group is a construction sector company that emphasizes quality, innovation, and sustainability. The company brings together various competencies and knowledge in enthusiastic teams to shape the future of construction projects. They are committed to digitization and sustainability, aligning with the United Nations Sustainable Development Goals and preparing for the European Green Deal. The company employs 2,100 people and has a strong focus on safety, with a goal of ensuring that everyone, including employees, subcontractors, suppliers, and partners, returns home safely every day.

Vulnerabilities and Attack Vectors

Ransomware attacks typically exploit vulnerabilities in software, use brute-force credential attacks, employ social engineering tactics, leverage previously compromised credentials, or abuse trust opportunities. The 2022 Unit 42 Incident Response Report identified that 48% of ransomware cases began with software vulnerabilities, and 32% of ransomware attacks experienced by survey respondents in the past year started with an exploited vulnerability.

In the case of Willemen Group, the attack vector is not explicitly stated. However, it is mentioned that the attackers are using multiextortion techniques, which can include copying and exfiltrating unencrypted data, shaming the victim on social media, threatening additional attacks like DDoS, or leaking the stolen information to clients or on the dark web.

Industry Vulnerabilities

The construction sector is known for its use of older technologies that are more prone to security gaps, and patches may not be available for legacy and end-of-life solutions. Additionally, the larger the environment, the greater the challenge in understanding the attack surface and maintaining the necessary tools and technologies.

Mitigation Strategies

To mitigate ransomware attacks, organizations should focus on understanding the attack vectors used by threat actors and implementing platforms for EDR, SOAR, and active ASM to reduce the risk of infection. Good security practices, such as phishing training and password hygiene among employees, can also help reduce the likelihood of social engineering or brute-force attacks. Streamlined offboarding for ex-employees can prevent insider attacks.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.