Ransomware Attack on Lal Constructions & Engineering (Pvt) Ltd: Threats and Vulnerabilities
Incident Date:
May 8, 2024
Overview
Title
Ransomware Attack on Lal Constructions & Engineering (Pvt) Ltd: Threats and Vulnerabilities
Victim
Lal Constructions & Engineering (Pvt)
Attacker
Ransomhub
Location
First Reported
May 8, 2024
Ransomware Attack on Lal Constructions & Engineering (Pvt) Ltd
Victim Profile
Lal Constructions & Engineering (Pvt) Ltd is a premier construction company in Sri Lanka specializing in various civil construction works, including residential houses, hotels, commercial buildings, steel structures, renovations, and roads. The company is known for its commitment to quality projects, sustainability, and ethical business practices.
Company Size
Attack Details
The ransomware attack on Lal Constructions & Engineering (Pvt) Ltd resulted in the theft of confidential data and network disruption. The ransomware group behind the attack, RansomHub, has demanded negotiation for full decryption and data erasure, threatening to leak the stolen information if their demands are not met.
The company has a significant presence in the construction industry in Sri Lanka, with the capacity to undertake projects throughout the country. The company's expansion into a Limited Liability Company and its attainment of ICTAD-C4 grading demonstrate its growth and capability to handle large-scale contracts of significant value and complexity.
Attack and Vulnerabilities
Given the nature of their business involving critical infrastructure projects, Lal Constructions & Engineering (Pvt) Ltd may have been targeted by threat actors due to the potential impact of disrupting their operations. The company's reliance on digital systems for project management and communication could have made them susceptible to ransomware attacks.
Ransomware Group - RansomHub
RansomHub is a ransomware group that has gained attention for substantiating claims with data leaks, distinguishing itself in the cybercrime arena. The group operates globally and collaborates with affiliates as part of a Ransomware-as-a-Service (RaaS) model, offering them a significant portion of the ransom proceeds. RansomHub's targeting of various sectors, including healthcare institutions, and its commitment to extortion tactics through data leaks make it a formidable threat in the cybersecurity landscape.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.