BNBuilders Hit by Ransomware Attack from Hunters International
Incident Date:
October 5, 2024
Overview
Title
BNBuilders Hit by Ransomware Attack from Hunters International
Victim
BNBuilders
Attacker
Hunters International
Location
First Reported
October 5, 2024
Ransomware Attack on BNBuilders: A Closer Look at the Hunters Group Breach
BNBuilders, a prominent general contracting firm headquartered in Seattle, Washington, has recently fallen victim to a ransomware attack by the notorious group known as Hunters International. The attack, disclosed on October 5, has raised significant concerns about cybersecurity vulnerabilities within the construction sector.
BNBuilders: A Leader in Construction
Founded in 2000, BNBuilders operates as a 100% employee-owned company, specializing in complex construction projects across sectors such as life sciences, healthcare, and technology. With a workforce of over 1,000 employees and annual revenues of approximately $1.3 billion, the company is recognized for its innovative project management techniques and commitment to sustainability. Their use of advanced methodologies like Virtual Design and Construction (VDC) and Lean construction practices sets them apart in the industry.
Details of the Attack
The ransomware group Hunters International claims to have exfiltrated 936.7 GB of sensitive data from BNBuilders, leaving it unencrypted and exposed. This breach threatens the company's operational integrity and client confidentiality, highlighting the construction industry's vulnerability to cyber threats.
Hunters International: A Sophisticated Threat
Emerging in late 2023, Hunters International operates as a Ransomware-as-a-Service (RaaS) provider, known for its sophisticated data leak strategies. The group prioritizes data exfiltration over encryption, leveraging stolen information to pressure victims into paying ransoms. Their ransomware, written in Rust, employs AES and RSA encryption techniques, making it a formidable threat. The group's operations span globally, complicating law enforcement efforts to curb their activities.
Potential Vulnerabilities and Penetration Tactics
Hunters International likely exploited vulnerabilities in BNBuilders' public-facing applications or employed phishing and social engineering tactics to gain access. The construction sector's reliance on digital tools and data management systems makes it an attractive target for cybercriminals. The attack on BNBuilders serves as a stark reminder of the need for enhanced cybersecurity measures in industries handling sensitive data.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.