RansomHub Ransomware Hits A&A Consultants: 60GB Data at Risk

Incident Date: August 16, 2024

Overview

Victim: A&A Consultants, Inc.

Attacker: RansomHub

Location: McKees Rocks, Pennsylvania, USA

First Reported: August 16, 2024

RansomHub Ransomware Attack on A&A Consultants, Inc.

A&A Consultants, Inc., a civil engineering firm based in Kennedy Township near Pittsburgh, Pennsylvania, has fallen victim to a ransomware attack orchestrated by the RansomHub group. The attackers claim to have exfiltrated 60 GB of sensitive data and have threatened to release it publicly within the next 5 to 6 days.

About A&A Consultants, Inc.

Established in 1996, A&A Consultants, Inc. is a rapidly growing engineering firm specializing in a wide array of services tailored for private firms, governmental agencies, and large corporations. The company is renowned for its expertise in bridge inspection, including initial National Bridge Inspection Standards (NBIS) inspections, periodic routine inspections, and partial inspections. Additionally, A&A Consultants is involved in project supervision and management, having successfully overseen numerous projects across Western Pennsylvania and Eastern Ohio.

The firm employs between 11 and 50 individuals and generates an estimated annual revenue of $1 million to $5 million. This small to medium-sized business structure allows for a personalized approach to client needs, fostering strong relationships and tailored solutions.

Attack Overview

The ransomware group RansomHub has claimed responsibility for the attack on A&A Consultants, Inc. via their dark web leak site. The group alleges that they have obtained 60 GB of the company's data, which they plan to release if their ransom demands are not met. The exact nature of the data compromised has not been disclosed, but it is likely to include sensitive project details and client information.

About RansomHub

RansomHub is a relatively new player in the ransomware landscape, believed to have roots in Russia. Operating as a Ransomware-as-a-Service (RaaS) group, RansomHub's affiliates receive 90% of the ransom money, with the remaining 10% going to the main group. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, with a notable focus on healthcare-related institutions.

RansomHub's ransomware strains are written in Golang, a language that is becoming increasingly popular among ransomware developers. This choice of language may indicate a trend towards more sophisticated and harder-to-detect ransomware attacks in the future.

Potential Vulnerabilities

While the specific vulnerabilities exploited in this attack are not yet known, small to medium-sized businesses like A&A Consultants, Inc. often face challenges in maintaining effective cybersecurity measures. Limited resources and a lack of specialized cybersecurity personnel can make these firms attractive targets for ransomware groups. Additionally, the increasing complexity of ransomware strains, such as those written in Golang, poses a significant threat to organizations that may not have advanced detection and mitigation capabilities.
