everest attacks Metek

Incident Date:

June 11, 2022

World map



everest attacks Metek






Sperry Way, United Kingdom

Stonehouse, United Kingdom

First Reported

June 11, 2022

Analysis of the Ransomware Attack on Metek

Overview of the Incident

Metek, a prominent construction company with a specialization in light steel framing, has recently fallen victim to a ransomware attack orchestrated by the Everest group. The announcement of the attack was made on the group's dark web leak site. Metek, which has its online presence at https://www.metek.co.uk/, is engaged in a variety of sectors such as residential, commercial, health, education, student accommodation, and leisure. The company is acclaimed for its sustainable construction practices, notably its use of recyclable materials.

The firm has also been lauded for its innovative application of Building Information Modeling (BIM) technology, securing several accolades for its projects, including the prestigious Construction News Project of the Year award in 2020. Despite these achievements, the specific vulnerabilities that led to Metek being targeted have not been detailed in available reports. However, it is widely acknowledged that ransomware attacks typically exploit weaknesses such as unpatched software, inadequate password policies, and unsecured remote access points.

Ransomware Attack Mechanics

Ransomware attacks are characterized by the encryption of a victim's data, followed by a demand for payment in exchange for the decryption key. Payments are often demanded in anonymous cryptocurrencies, such as Bitcoin or Ethereum, to maintain the anonymity of the attackers. In some instances, attackers may also exfiltrate sensitive data prior to encryption, using the threat of public release as additional leverage to extort further payments from the victim.

Best Practices for Mitigation and Response

To effectively mitigate the risk of ransomware attacks, organizations are advised to adopt robust cyber hygiene practices. These include conducting regular vulnerability scans, ensuring that software is kept up-to-date, and maintaining offline, encrypted backups of critical data. In the unfortunate event of a ransomware attack, affected entities should promptly report the incident to federal law enforcement and seek assistance from the Cybersecurity and Infrastructure Security Agency (CISA).


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.