Ransomware Attack on Lal Constructions & Engineering (Pvt) Ltd: Threats and Vulnerabilities

Incident Date:

May 8, 2024

Overview

Victim

Lal Constructions & Engineering (Pvt)

Attacker

Ransomhub

Location

Kolkata, India

First Reported

May 8, 2024

Ransomware Attack on Lal Constructions & Engineering (Pvt) Ltd

Victim Profile

Lal Constructions & Engineering (Pvt) Ltd is a premier construction company in Sri Lanka specializing in various civil construction works, including residential houses, hotels, commercial buildings, steel structures, renovations, and roads. The company is known for its commitment to quality projects, sustainability, and ethical business practices.

Company Size

Attack Details

The ransomware attack on Lal Constructions & Engineering (Pvt) Ltd resulted in the theft of confidential data and disruption of the company's network. RansomHub, the ransomware group behind the attack, has demanded that the company negotiate in exchange for full decryption and erasure of the stolen data, and threatens to leak the stolen information if its demands are not met.

The company has a significant presence in the construction industry in Sri Lanka, with the capacity to undertake projects throughout the country. Its expansion into a Limited Liability Company and its attainment of ICTAD-C4 grading demonstrate its growth and its capability to handle large-scale contracts of significant value and complexity.

Attack and Vulnerabilities

Because its business involves critical infrastructure projects, Lal Constructions & Engineering (Pvt) Ltd may have been targeted by threat actors for the potential impact of disrupting its operations. The company's reliance on digital systems for project management and communication could have made it susceptible to ransomware attacks.

Ransomware Group - RansomHub

RansomHub is a ransomware group that has gained attention for substantiating its claims with data leaks, which distinguishes it in the cybercrime arena. The group operates globally and works with affiliates under a Ransomware-as-a-Service (RaaS) model, offering them a significant portion of the ransom proceeds. RansomHub's targeting of various sectors, including healthcare institutions, and its commitment to extortion through data leaks make it a formidable threat in the cybersecurity landscape.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time tracking of ransomware attacks, groups and their victims. Given threat actors' overarching, lucrative success so far, ransomware attacks have become the most ubiquitous cyber threat to businesses and organizations today, and the most impactful in financial and informational terms.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.