conti attacks Normandeau Associates, Inc.

Incident Date:

March 19, 2022

World map



conti attacks Normandeau Associates, Inc.


Normandeau Associates, Inc.




Bedford, USA

New Hampshire, USA

First Reported

March 19, 2022

Normandeau Associates, Inc. Suffers Ransomware Attack

Normandeau Associates, Inc., a premier environmental consulting firm, has fallen victim to a ransomware attack perpetrated by the notorious Conti group. This incident was disclosed on the group's dark web leak site, signaling a significant breach of security for the company known for its extensive expertise, scientific rigor, and ethical standards, alongside its unique scientific technologies.

Since its inception in 1970, Normandeau Associates has evolved into a nationally recognized entity, boasting employee ownership and a deep-seated commitment to corporate social responsibility. This encompasses employee empowerment, active civic and community participation, volunteerism, and philanthropy.

The firm's leadership is composed of seasoned experts in environmental consulting and management. Among them, Pam Hall, a pivotal figure since 1971, has significantly contributed to the firm's expansion and has held leadership positions on various non-profit boards. Bob Varney, the firm's President, brings a wealth of experience as a former Environmental Protection Agency (EPA) Regional Administrator, having been appointed by leaders across the political spectrum.

The Significance of the Attack

The cyber assault on Normandeau Associates serves as a stark reminder of the persistent ransomware threat facing businesses in diverse sectors. The firm's dedication to environmental consulting and its esteemed reputation for scientific innovation might have rendered it an attractive target for cybercriminals aiming to exploit system vulnerabilities.

The Conti ransomware group, operational since at least 2020, has orchestrated numerous attacks on global businesses and organizations. It exemplifies the "ransomware-as-a-service" (RaaS) model, wherein the ransomware is developed, affiliates are enlisted for deployment, and a comprehensive online dashboard is maintained to facilitate the encryption and exfiltration of data for ransom purposes.

This incident underscores the critical need for stringent cybersecurity defenses to thwart ransomware attacks. Entities within the Energy, Utilities & Waste sector, among others, must remain vigilant and invest in cutting-edge cybersecurity solutions and best practices to diminish the threat of such incursions.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.