lockbit2 attacks Hilltop Construction Group
Incident Date:
June 2, 2022
Overview
Title
lockbit2 attacks Hilltop Construction Group
Victim
Hilltop Construction Group
Attacker
Lockbit2
Location
First Reported
June 2, 2022
Hilltop Construction Group Suffers Ransomware Attack
Company Overview
Hilltop Construction Group operates in the construction sector, offering a range of services to take projects from drawings to handover. The company's website highlights their commitment to strict building standards and minimizing wastage on labor and materials to ensure competitive pricing.
Vulnerabilities
The construction industry has seen a rise in ransomware attacks due to outdated systems and insufficient cybersecurity measures. In the case of Hilltop Construction Group, the attackers likely exploited vulnerabilities in the company's systems or networks to gain access and encrypt their data.
Impact
The ransomware attack on Hilltop Construction Group resulted in the encryption of their production data and local backups. The company was left with only cloud services, which still needed to be reviewed for infection and data exfiltration. The attack caused significant disruption to the company's operations, leading to lost productivity and potential financial losses.
Response
Recovery Point, a data recovery service, was able to help Hilltop Construction Group recover their data after the ransomware attack. The company had been a client of Recovery Point since January 2022 and utilized their Veeam Cloud Connect service to maintain an offsite backup copy of critical business data.
Prevention
To prevent future ransomware attacks, companies should implement comprehensive cybersecurity measures, such as installing updates and patches, providing employee training, and using preventive software. Additionally, having cyber insurance can provide financial assistance in the aftermath of an attack, covering expenses related to data recovery, system restoration, legal costs, and potential losses due to business interruption.
Sources
- Hilltop Construction Group. (n.d.). Home - Hilltop Construction Group. Retrieved April 10, 2024, from https://www.hilltopcg.com/.
- Brian W. - ciso. (2022, July 16). Truly an excellent group! Great to work with you, Brian, and so many others in the BFS family. LinkedIn. Retrieved April 10, 2024, from https://www.linkedin.com/posts/brian-wilk_ciso-bldr-bfs-activity-6954211020445810688-jzYa?trk=public_profile_like_view.
- The Horton Group. (n.d.). Ransomware Attacks in Construction. Retrieved April 10, 2024, from https://www.thehortongroup.com/resources/ransomware-attacks-in-construction/.
- BlackFog. (n.d.). What we know about the MOVEit exploit and ransomware attacks. Retrieved April 10, 2024, from https://www.blackfog.com/what-we-know-about-the-moveit-exploit/.
- Recovery Point. (n.d.). Construction Company Has Data Fully Recovered After Ransomware Attack. Retrieved April 10, 2024, from https://www.recoverypoint.com/client-success-stories/construction-company-has-data-fully-recovered-after-ransomware-attack/.
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.