Qilin Ransomware Hits J.M. Thompson: Cybersecurity Alert

Incident Date: August 28, 2024

Overview

Victim: JM Thompson

Attacker: Qilin

Location: Cary, North Carolina, USA

First Reported: August 28, 2024

Qilin Ransomware Group Targets J.M. Thompson Company in Latest Cyber Attack

J.M. Thompson Company, a well-established general contractor based in Cary, North Carolina, has recently fallen victim to a ransomware attack orchestrated by the Qilin group. The cybercriminals have claimed responsibility for the attack via their dark web leak site, threatening to publish sensitive organizational data if their demands are not met by September 5, 2024.

About J.M. Thompson Company

Founded in 1921, J.M. Thompson Company (JMT) is a prominent player in the construction sector, specializing in commercial construction projects. The company serves a diverse range of market segments, including healthcare, education, manufacturing, and government. With a workforce of approximately 20 to 49 employees, J.M. Thompson generates annual revenues estimated between $10 million and $25 million. The company is known for its commitment to quality, integrity, and community relationships, which has earned it a strong reputation in the industry.

Attack Overview

The Qilin ransomware group, also known as Agenda, has claimed responsibility for the attack on J.M. Thompson. The group has reportedly gained access to sensitive data and is threatening to release it unless their ransom demands are met. This incident highlights the increasing threat of ransomware attacks on businesses, particularly those in the construction sector, which may not always prioritize cybersecurity measures.

About the Qilin Ransomware Group

The Qilin ransomware group is a sophisticated Ransomware-as-a-Service (RaaS) operation believed to be of Russian origin. First appearing in October 2022, Qilin has targeted various organizations, including healthcare providers, automotive companies, and government agencies. The group is known for its advanced tactics, such as data exfiltration and double extortion, to pressure victims into paying ransoms. Qilin's adaptability and cross-platform capabilities make it a formidable threat in the cybersecurity landscape.

Potential Vulnerabilities

J.M. Thompson's relatively small workforce and focus on traditional construction practices may have contributed to its vulnerability to cyber attacks. Smaller companies often lack the cybersecurity infrastructure needed to defend against sophisticated ransomware groups like Qilin. Additionally, the construction sector's increasing reliance on digital tools and data management systems makes it an attractive target for cybercriminals seeking to exploit potential security gaps.

Penetration Methods

While the exact method of penetration in this case remains unclear, Qilin typically gains initial access to target systems through phishing attacks, exploitation of unpatched software vulnerabilities, and weak or compromised credentials. Once inside, the group uses advanced encryption techniques to lock down critical data and demands a ransom for its release.
