EKI Environment & Water, Inc. Hit by Ransomware Attack from dAn0n Group

Incident Date:

May 4, 2024

World map

Overview

Title

EKI Environment & Water, Inc. Hit by Ransomware Attack from dAn0n Group

Victim

EKI Environment & Water, Inc.

Attacker

dAn0n

Location

Daly City, USA

California, USA

First Reported

May 4, 2024

Ransomware Attack on EKI Environment & Water, Inc. by dAn0n Group

Company Profile

Erler & Kalinowski, Inc., now known as EKI Environment & Water, Inc., is a prominent player in the environmental engineering sector. Founded in 1989 and based in Oakland, California, EKI specializes in environmental, water, wastewater, and water resources services. As an employee-owned entity, it boasts a workforce of 128 and reported revenues of approximately $15 million in 2024. The company operates across multiple states with offices in California, Colorado, Connecticut, and Massachusetts. EKI is recognized for its comprehensive approach to environmental challenges, emphasizing integrated solutions and a commitment to quality and results.

Details of the Ransomware Attack

The ransomware group dAn0n has recently claimed responsibility for a cyberattack on EKI Environment & Water, Inc., announcing the breach on their dark web leak site. This attack resulted in the theft of 1TB of sensitive data, including financial records, legal documents, employee information, and extensive details on clients such as personal data, signed contracts, and legal information.

Analysis of Vulnerabilities

While the specific entry points used by dAn0n in this attack are not publicly disclosed, common vulnerabilities in similar firms include insufficient network segmentation, outdated security patches, and weak endpoint protection. For a company like EKI, which handles large volumes of sensitive environmental and personal data, these gaps provide lucrative targets for cybercriminals.

Profile of the Attacker: dAn0n Ransomware Group

dAn0n is a relatively new entity in the cybercrime arena, having first appeared with multiple data leaks in April. The group is known for its aggressive tactics and rapid publication of stolen data, aiming to pressure victims into paying ransoms quickly. Their targeting of EKI highlights a strategic choice, likely influenced by the company's data-rich environment and potential vulnerabilities in cybersecurity practices.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.