HB Construction Hit by Major Ransomware Attack by Hunters International

Incident Date: September 13, 2024

Overview

Victim: HB Construction

Attacker: Hunters International

Location: Albuquerque, USA; New Mexico, USA

First Reported: September 13, 2024

Ransomware Attack on HB Construction by Hunters International

HB Construction, a reputable construction services provider based in Spicewood, Texas, has recently fallen victim to a ransomware attack orchestrated by the hacking group Hunters International. The attack has resulted in the exfiltration of 505.2 GB of data, encompassing 160,734 files, as claimed by the attackers on their dark web leak site.

About HB Construction

Established in 2016, HB Construction specializes in both commercial and residential projects, offering services such as general contracting, consulting, and construction management. The company is known for its emphasis on quality, safety, and productivity, ensuring projects are delivered on time and within budget. Their construction management services are particularly notable, as they oversee all aspects of a project, manage subcontractors, and act as the primary point of contact for clients, thereby minimizing risks and streamlining processes.

Company Size and Industry Standing

HB Construction has garnered positive feedback for its integrity, attention to detail, and problem-solving capabilities. The firm has successfully collaborated on various projects, including commercial developments like dog daycare facilities. Their commitment to professionalism and quality workmanship has solidified their reputation in the construction industry. The company also engages in community initiatives aimed at fostering positive impacts for local youth.

Vulnerabilities and Attack Overview

The ransomware attack on HB Construction highlights the vulnerabilities that even reputable firms can face. The substantial volume of exfiltrated data suggests a significant breach that could impact various aspects of the company's operations. The exact nature of the stolen data has not been disclosed, but the breach underscores the importance of comprehensive cybersecurity measures.

About Hunters International

Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the notorious Hive ransomware group. The group exhibits significant technical overlap with Hive, suggesting an evolution or offshoot of the dismantled operation. Their primary objective is to exfiltrate target data and extort victims with a ransom demand. The group has been detected targeting victims across various regions, including the US, UK, Germany, and Namibia.

Penetration Tactics

Hunters International's ransomware code has approximately 60% overlap with Hive ransomware, indicating a shared technical lineage. The group's techniques and operational strategies resemble those of Hive, suggesting that it has inherited or adapted Hive's encryption methods and tactics. The group is known to use fake identities and deceptive methods to conceal its true origins, making it difficult to determine its location and leadership definitively.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time tracking of ransomware attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.