LockBit Ransomware Hits QES Pavements: Security Concerns Rise
Incident Date:
August 11, 2024
Overview
Title
LockBit Ransomware Hits QES Pavements: Security Concerns Rise
Victim
QES Pavements
Attacker
Lockbit3
Location
First Reported
August 11, 2024
Ransomware Attack on QES Pavements by LockBit Group
QES Pavements, a prominent provider of pavement engineering and consulting services, has recently fallen victim to a ransomware attack orchestrated by the notorious LockBit group. The attack, discovered on August 12, 2024, has raised significant concerns about the security of the company's sensitive information.
About QES Pavements
Founded in 1997 in Conneaut Lake, Pennsylvania, QES Pavements, officially registered as Quality Engineering Services, Inc., specializes in pavement engineering and construction inspection. The company employs over 40 inspectors and 9 specialized pavement engineers, operating across 25 states, including Washington D.C. and Puerto Rico. QES is recognized for its leadership in the pavement industry, with engineers holding P.E. certifications in 14 states and contributing to over 150 published research papers.
QES offers a comprehensive range of services, including pavement design, pavement management, construction inspection, materials investigation, and technology transfer and training. Their mission is to deliver quality engineering solutions that optimize pavement performance, enhance durability, and extend the lifespan of pavement networks.
Details of the Attack
The ransomware attack on QES Pavements was executed by the LockBit group, a highly sophisticated ransomware-as-a-service (RaaS) entity active since September 2019. LockBit employs "double extortion" tactics, exfiltrating sensitive data and threatening to release it publicly if the ransom is not paid. The exact size of the data leak remains unknown, but the incident underscores the growing threat of ransomware to critical infrastructure and specialized service providers.
About LockBit Group
LockBit has become the most active ransomware group, responsible for over one-third of all ransomware attacks in the latter half of 2022 and the first quarter of 2023. The group uses a combination of RSA-2048 and AES-256 encryption algorithms to encrypt victims' files. LockBit is designed to exploit vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across a network. The ransomware demands payment in Bitcoin, typically ranging from several thousand to several hundred thousand dollars.
Potential Vulnerabilities
QES Pavements, like many specialized service providers, may have been targeted due to potential vulnerabilities in their network security. The company's extensive operations across multiple states and the handling of sensitive data related to pavement engineering and construction projects make it an attractive target for ransomware groups like LockBit. The attack highlights the importance of cybersecurity measures to protect against sophisticated threats.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.