Qilin Ransomware Group Targets Wise Construction in Cyberattack

Incident Date:

June 21, 2024

World map

Overview

Title

Qilin Ransomware Group Targets Wise Construction in Cyberattack

Victim

Wise Construction

Attacker

Qilin

Location

Winchester, USA

Massachusetts, USA

First Reported

June 21, 2024

Ransomware Attack on Wise Construction by Qilin Group

Company Profile: Wise Construction

Wise Construction, Inc., a mid-sized firm with an annual revenue of approximately $50 million, has been a notable player in the construction sector for over two decades. Employing over 200 skilled professionals, the company excels in commercial, residential, and industrial projects. Known for its innovative approaches and commitment to sustainable building practices, Wise Construction has built a reputation for delivering projects on time and within budget. However, its extensive digital footprint and significant data handling make it a potential target for cyber-attacks.

Details of the Ransomware Attack

The Qilin ransomware group, recognized for its sophisticated ransomware-as-a-service operations, recently claimed responsibility for an attack on Wise Construction. The group has made headlines by targeting critical infrastructure sectors, employing a double extortion scheme. In this incident, Qilin not only encrypted the company’s data but also exfiltrated sensitive information, threatening its release unless a ransom was paid. This attack underscores the vulnerability of construction firms, which often manage vast amounts of sensitive project data.

Qilin Ransomware Group: Operational Tactics

Qilin distinguishes itself with highly customizable ransomware solutions, written in Rust and Go, which are difficult to detect and decode. The group typically infiltrates organizations through phishing campaigns, exploiting human error to gain initial access. Post-entry, they perform lateral movements across the network to locate and encrypt critical data. Their approach not only paralyzes the victim’s operations but also places immense pressure by threatening data leakage.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.