Monti Ransomware Hits Prism Construction, Exposes Sensitive Data

Incident Date: August 30, 2024

Overview

Victim: Prism Construction

Attacker: Monti

Location: Ferndale, USA; Michigan, USA

First Reported: August 30, 2024

Monti Ransomware Group Targets Prism Construction in Devastating Cyber Attack

Prism Construction, a prominent Canadian construction firm, has recently fallen victim to a ransomware attack orchestrated by the Monti group. The attack has resulted in the unauthorized download of a significant amount of sensitive information, including confidential data pertaining to customers, employees, and contractual agreements.

About Prism Construction

Prism Construction Ltd., established in 1998 and headquartered in Delta, British Columbia, specializes in the development of custom commercial and industrial facilities. The company is recognized for its commitment to quality, integrity, and client satisfaction. With an annual revenue of approximately $21.3 million and around 51 employees, Prism Construction prides itself on its innovative approach to construction, emphasizing early involvement in project planning to optimize costs and efficiency.

Attack Overview

The ransomware attack, identified through the Bluemaven vector, has compromised a substantial amount of sensitive data. This includes information about customers, employees, and contractual agreements, as well as details about the company's partnerships with other firms. The attackers have threatened to make this information public if Prism Construction does not initiate contact. The incident, referenced under number 1796 and related to the Bridge Studios Lake City project, underscores the critical importance of cybersecurity measures.

About Monti Ransomware Group

Monti ransomware was first identified in June 2022 and quickly became notable for its tactics that closely mirrored those of the Conti group. Monti primarily targets both Windows and Linux systems, with files encrypted by Monti typically bearing the ".puuuk" file extension. The group has shown adaptability by incorporating elements from previous ransomware variants and has developed a new Linux variant to evade detection. Monti has been particularly active in targeting institutions within the legal and governmental sectors, as well as financial services and healthcare.

Penetration and Vulnerabilities

Monti ransomware utilizes the Action1 Remote Monitoring and Maintenance (RMM) agent, which was not previously associated with Conti attacks. This suggests that the group has refined its strategies to enhance effectiveness and evade detection. The attack on Prism Construction highlights the vulnerabilities that even well-established companies face in the evolving landscape of cybercrime. The company's reliance on digital systems for project management and client communication may have made it an attractive target for threat actors.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.