Qilin Group Strikes CEMBELL Industries: A Ransomware Attack Story

Incident Date:

May 11, 2024

World map



Qilin Group Strikes CEMBELL Industries: A Ransomware Attack Story


Cembell Industries




Montz, USA

Louisiana, USA

First Reported

May 11, 2024

Ransomware Attack on CEMBELL Industries by Qilin Group

Victim Profile

CEMBELL Industries, a family-owned commercial and residential construction company based in La Place, Louisiana, fell victim to a cybercrime attack by the ransomware group Qilin. The company was founded in 1980 and specializes in ASME Code work, heat exchanger design & fabrication, and on-site repair of heat exchangers & pressure vessels. With 172 employees and an estimated annual revenue of $33.2 million, CEMBELL Industries prides itself on its experienced workforce, strong safety focus, and ability to meet tight deadlines for customers in the petrochemical industry.

Company Overview

CEMBELL Industries is certified by ASME & NBIC to provide new fabrication and repair of Division 1 & 2 heat exchangers, pressure vessels, columns, reactors, and steam boilers. The company has expanded over the years, moving to a new location in Montz, Louisiana after Hurricane Katrina in 2005.

Vulnerabilities During the Attack

CEMBELL Industries' prominence in the industrial sector, particularly in providing critical services to the petrochemical industry, makes it a prime target for threat actors like the Qilin ransomware group. The company's valuable data and operations could be severely impacted by a ransomware attack, leading to financial losses and reputational damage.

Ransomware Group Tactics

The Qilin ransomware group, also known as Agenda, is a prominent ransomware-as-a-service (RaaS) group that targets critical infrastructure organizations worldwide. They employ a double extortion technique, exfiltrating sensitive data in addition to encrypting it, and demand payment for a decryptor while threatening to release stolen data even after the ransom is paid. Qilin ransomware attacks are highly customizable and written in evasion-prone programming languages, making them a significant emerging threat in the cybersecurity landscape.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.