Coquitlam Concrete Hit by Hunters International Ransomware

Incident Date:

July 4, 2024

World map

Overview

Title

Coquitlam Concrete Hit by Hunters International Ransomware

Victim

Сoquitlam Concrete

Attacker

Hunters International

Location

Coquitlam, Canada

, Canada

First Reported

July 4, 2024

Analysis of the Ransomware Attack on Coquitlam Concrete by Hunters International

Company Profile: Coquitlam Concrete

Coquitlam Concrete (1993) Ltd., a stalwart in the Metro-Vancouver construction sector, has been operational since 1993. As an independent, family-owned business, it specializes in ready-mix and precast concrete products. Utilizing its own aggregate source, the company is adept at meeting diverse design and strength specifications, which is a significant competitive edge in the construction industry. With over 75 years in the business, Coquitlam Concrete employs more than thirty individuals and operates a fleet of mixer trucks, a ready-mix plant, and a precast yard. Their commitment to environmental responsibility and safety is evident in their use of advanced systems and protocols.

Details of the Ransomware Attack

On July 4, 2024, Coquitlam Concrete fell victim to a ransomware attack orchestrated by Hunters International. The attack was first detected by the ThreatMon Threat Intelligence Team, which noted the company's addition to Hunters International's list of ransomware victims. During the attack, approximately 10.5GB of data, encompassing 26,858 files, was exfiltrated from Coquitlam Concrete's systems.

Profile of Hunters International

Hunters International, a Ransomware-as-a-Service (RaaS) group, surfaced in the third quarter of 2023 following the disruption of the Hive ransomware group. The group's ransomware code shows a significant overlap with Hive, indicating a shared lineage or possible evolution from the previous group. Hunters International is known for its data exfiltration and extortion tactics, targeting a broad range of industries and regions without specific focus. The group's operational strategies include the use of sophisticated encryption methods inherited or adapted from Hive.

Analysis of Attack Vector

The specific methods by which Hunters International penetrated Coquitlam Concrete's defenses are not detailed in the available data. However, typical attack vectors used by similar ransomware groups include phishing, exploitation of unpatched vulnerabilities, and credential stuffing. Coquitlam Concrete's significant data repository and its critical role in the construction supply chain likely made it an attractive target for Hunters International, aiming to leverage stolen data for ransom negotiations.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.