hiveleak attacks Drake & Scull International PJSC

Incident Date:

February 25, 2022

World map



hiveleak attacks Drake & Scull International PJSC


Drake & Scull International PJSC




Sajja, United Arab Emirates

Sharjah, United Arab Emirates

First Reported

February 25, 2022

Drake & Scull International PJSC Targeted by Hiveleak Ransomware Group

Drake & Scull International PJSC (DSI), a global industry leader in electromechanical, integrated design, engineering, and construction for water, power, and oil and gas sectors, has been targeted by the ransomware group Hiveleak. The company, which has been in operation for more than 135 years, operates in the Construction sector and has a significant presence in the Middle East, Europe, and Asia.

DSI employs over 3,000 people across these regions and has completed over 700 projects in the past years, with a backlog of AED 11.3 billion. The company's operations span sectors such as Infrastructure Development, Waste to Energy, Data Centres Development, Mechanical Electrical and Plumbing (MEP), and Renewable Energy.

The Ransomware Attack on DSI

The ransomware attack on DSI is not the first of its kind in the industry. In 2017, a large-scale ransomware attack affected individuals and companies worldwide, including Drake University, which was able to protect its systems by applying Microsoft's patch for the exploit used by the attackers.

The vulnerability that led to DSI's targeting by Hiveleak is not explicitly stated in the available information. However, the company's size and global operations make it a potential target for cybercriminals seeking to exploit unpatched systems or weaknesses in the organization's security measures.

Financial Losses and Management Issues

DSI's recent history has been marked by financial losses and management issues. An internal probe in 2018 found that former executives, board members, and family members had been involved in criminal complaints, and the company had been concealing substantial annual losses from 2009 to 2017, amounting to $857.5 million. These issues may have contributed to the company's vulnerability to cyber attacks.

The ransomware attack on DSI serves as a reminder of the importance of robust cybersecurity measures and employee background checks to protect against such threats. Companies in the Construction sector, particularly those with a global presence and significant operations, should prioritize cybersecurity to mitigate the risks of ransomware attacks and other cyber threats.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.