BlackSuit Ransomware Strikes Brewer & Company

Incident Date:

April 9, 2024

World map



BlackSuit Ransomware Strikes Brewer & Company


Brewer & Company of West Virginia, Inc.


Black Suit


Charleston, USA

West Virginia, USA

First Reported

April 9, 2024

Ransomware Incident at Brewer & Company of West Virginia, Inc.

Victim Profile

Brewer & Company of West Virginia encountered a ransomware incident orchestrated by the cybercriminal faction known as BlackSuit. Approximately 52.5 gigabytes of data were compromised, with the stolen files subsequently made fully accessible post-attack. Established in 1945, Brewer & Company is a prominent fire protection contractor based in West Virginia. It has executed over 25,000 projects and boasts a workforce of around 130 professionals. Services offered by Brewer & Company encompass fire suppression systems, fire alarm systems, as well as maintenance, testing, and repair. Doug P. Meeks serves as the CEO and President, having been associated with the company since 1994.

Company Size

Presently, Brewer & Company operates across three locations, catering to six states with a staff exceeding 100 individuals. The company's achievements are attributed to its longstanding presence, committed workforce, and strategic expansion endeavors. Brewer & Company distinguishes itself within the construction sector for its specialization in fire protection services and extensive industry experience.

Exploits and Targeting by BlackSuit

The BlackSuit ransomware faction, notorious for its incursions across diverse sectors such as healthcare, education, IT, government, retail, and manufacturing, has acknowledged its involvement in the incident at Brewer & Company of West Virginia. The group is renowned for encrypting and exfiltrating victim data, subsequently establishing public data leak platforms for non-compliant entities. Brewer & Company's susceptibility to such threats may be attributed to its status as a medium-sized enterprise and the sensitive nature of the data it manages, particularly pertaining to fire protection systems and client records.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.