lockbit3 attacks KKCS
Incident Date:
August 26, 2022
Overview
Title
lockbit3 attacks KKCS
Victim
KKCS
Attacker
Lockbit3
Location
First Reported
August 26, 2022
KKCS, a Construction Management Firm, Suffers Ransomware Attack
Company Profile
KKCS, a full-service program management, project management, and construction management firm, has been targeted by the ransomware group Lockbit3. The attack was announced on the group's dark web leak site. KKCS operates in the Construction sector and boasts over 30 years of experience in providing consulting services for transportation, aviation, infrastructure, and facilities projects.
As a nationwide firm, KKCS possesses extensive experience in all phases of transportation projects, including light and heavy rail transit, high-speed rail, bus rapid transit, streetcar, commuter rail, intermodal stations, airports, freeways, highways, bridges, and roadways. The company's portfolio also extends to energy, water, and wastewater infrastructure, collaborating with transportation agencies, public works agencies, educational institutions, and private firms.
Vulnerabilities and Mitigation
Ransomware attacks frequently exploit vulnerabilities in software, outdated systems, or human error, such as clicking on malicious links or downloading infected attachments. To mitigate these risks, organizations are advised to adopt good cyber hygiene practices. These include regular vulnerability scanning, timely patching and updating of software, and educating employees on phishing scams and safe online practices.
Response and Recovery
In the wake of a ransomware attack, it is crucial for victims to immediately disconnect infected devices from the network, report the attack to federal law enforcement, and activate their backup and recovery plan. Paying the ransom is strongly discouraged, as it does not guarantee the recovery of data and may incentivize further attacks.
The ransomware attack on KKCS serves as a stark reminder of the persistent threat of cybercrime to businesses and organizations across various sectors. It emphasizes the critical need for robust cybersecurity measures, regular software updates, and comprehensive employee training to both prevent and effectively respond to such attacks.
Sources
- KKCS - Full-service program management, project management, and construction management firm
- Ransomware 101 - CISA
- Ransomware | Federal Trade Commission
- Stop Ransomware - CISA
- The No More Ransom Project: Home
- Ransomware - FBI
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.