Digital Warfare: McAlvain Construction vs. Cactus Ransomware
Incident Date: April 4, 2024
Overview
Title: Digital Warfare: McAlvain Construction vs. Cactus Ransomware
Victim: McAlvain Companies Inc.
Attacker: Cactus
Location:
First Reported: April 4, 2024
McAlvain Construction Company Targeted by Cactus Ransomware Group
Company Profile
McAlvain, a construction company that specializes in large-scale projects in Idaho, recently fell victim to an attack by the Cactus ransomware group. The company, renowned in the construction sector for its expertise in concrete services, safety, quality, productivity, and innovative leadership, confirmed the incident. McAlvain Companies, Inc., headquartered in Boise, Idaho, operates in the construction industry. According to LinkedIn, the company has a workforce ranging from 201 to 500 employees.
Vulnerabilities and Impact
The Cactus ransomware group, which first surfaced in March 2023, has been responsible for 18 confirmed attacks so far, including the one on McAlvain. The ransomware disables functions and applications, adds registry entries, files, and programs, and encrypts data with the file extension ".id-[id].[email].brrr". The attack on McAlvain is part of a broader trend of ransomware targeting various industries, with the ransom demanded often varying depending on the size and significance of the victim.
Response and Mitigation
The company has not disclosed the extent of the damage or the measures it has taken to mitigate the impact of the attack. However, it is crucial for companies such as McAlvain Construction Company to have robust cybersecurity measures in place, including regular backups, security software, and employee training, to reduce the risk of ransomware attacks.