EnviroNET Inc. Hit by Major Meow Ransomware Data Breach

Incident Date: September 18, 2024

Overview

Victim: EnviroNET Inc

Attacker: Meow

Location: Davenport, Iowa, USA

First Reported: September 18, 2024

EnviroNET Inc. Falls Victim to Meow Ransomware Attack

EnviroNET Inc., a prominent environmental consulting firm based in Davenport, Iowa, has recently been targeted by the notorious Meow Ransomware group. The attack has resulted in the exfiltration of over 220 GB of sensitive data, which has been disclosed on the ransomware group's dark web leak site.

About EnviroNET Inc.

EnviroNET Inc. specializes in providing comprehensive environmental management solutions, focusing on monitoring and controlling environmental impacts across various industries. Established in 1995, this Veteran-Owned and SBA-certified HUBZone firm operates out of Kamuela, Hawaii, with additional operations in Davenport, Iowa. The company employs approximately 24 individuals and has an annual revenue of about $23.9 million.

EnviroNET Inc. is recognized for its innovative monitoring solutions, which include advanced systems for air quality monitoring, water quality assessment, and waste management. These services are crucial for compliance with regulatory standards and for promoting public health. The company also offers consulting services to guide clients through the complexities of environmental regulations and best practices.

Details of the Ransomware Attack

The ransomware attack on EnviroNET Inc. has exposed a significant amount of confidential data, including employee records, client information, and personal documents such as identification scans. The compromised data reportedly includes sensitive information from a range of clients, including municipal, property, and federal organizations, primarily located in the Midwest.

This incident highlights the vulnerabilities faced by organizations that manage sensitive environmental and engineering data. The exposure of both corporate and individual information underscores the significant risks associated with such data breaches.

About Meow Ransomware Group

Meow Ransomware is a group that emerged in late 2022 and has been associated with the Conti v2 ransomware variant. The group employs various infection methods, including phishing emails, exploit kits, Remote Desktop Protocol (RDP) vulnerabilities, and malvertising. Once a system is compromised, the ransomware encrypts files using a combination of the ChaCha20 and RSA-4096 algorithms.

Meow Ransomware is known for targeting industries with sensitive data, such as healthcare and medical research. The group maintains a data leak site where it lists victims who have not paid the ransom. It leaves behind a ransom note named "readme.txt" that instructs victims to contact the group via email or Telegram to negotiate the ransom payment and retrieve their encrypted files.

Potential Vulnerabilities

EnviroNET Inc.'s focus on environmental monitoring and consulting services makes it a prime target for ransomware groups like Meow. The company's reliance on advanced technological solutions and the sensitive nature of the data it handles increase its vulnerability to cyberattacks. RDP vulnerabilities and phishing emails, both of which the Meow Ransomware group uses, could have been entry points for the attack.
