Ransomware Attack on Stahly Engineering: dAn0n Group Exfiltrates 1.2 TB Data

Incident Date:

August 23, 2024


Overview

Title

Ransomware Attack on Stahly Engineering: dAn0n Group Exfiltrates 1.2 TB Data

Victim

Stahly Engineering & Associates

Attacker

dAn0n

Location

Helena, Montana, USA

First Reported

August 23, 2024

Ransomware Attack on Stahly Engineering & Associates by dAn0n Group

Stahly Engineering & Associates, a civil engineering and surveying firm based in Helena, Montana, has been named as a victim by the dAn0n ransomware group. The attackers claim to have exfiltrated 1.2 TB of data from the firm; if the claim is accurate, the exposure threatens both the firm's operations and the confidentiality of its clients' projects.

Company Profile

Founded in 1970, Stahly Engineering & Associates is an employee-owned firm with additional offices in Bozeman, Billings, Great Falls, and Cody, Wyoming. The company specializes in various engineering fields, including transportation, site development, municipal, and structural engineering, as well as surveying and construction inspection services. With a strong emphasis on community involvement and high-quality service delivery, Stahly Engineering has built a reputation for excellence in the construction sector.

Attack Overview

The dAn0n ransomware group, known for its aggressive tactics and rapid publication of stolen data, has claimed responsibility for the attack on Stahly Engineering. The group operates a Ransomware-as-a-Service (RaaS) model, supplying its malware to affiliates who carry out intrusions. The data described as stolen would plausibly include client information and project details, the kind of material that can be used to extort both the firm and its clients. Note that the volume and contents of the data are the group's own claim; this page records no confirmation from the firm.

Ransomware Group Profile

The dAn0n group emerged in April 2023 and has quickly gained notoriety for its aggressive approach to ransomware attacks. The group has so far posted information about 12 victims on its data leak site, primarily in the business services sector in the United States. Its leak site is minimal, with little attention to design or branding, which sets it apart from the more polished sites of established groups but says nothing about the capability of the operators. No public decryptor is currently available for the group's ransomware, so victims without intact, offline backups have no way to recover encrypted files other than paying.

Potential Vulnerabilities

Nothing about Stahly Engineering's business model singles it out; what makes a firm like this attractive is the data it holds. A civil engineering and surveying firm accumulates client contracts, survey data, drawings and project records for municipal and transportation work, which can be used to pressure the firm and, through it, its clients. Operating five offices across Montana and Wyoming also widens the attack surface: firms of this shape typically rely on shared file servers, site-to-site links and remote access for staff moving between offices, and every one of those is an additional point an attacker can reach from outside.

Penetration Methods

The initial access vector used by the dAn0n group in this attack has not been publicly disclosed. The vectors most commonly used by ransomware operators are phishing emails, exploitation of unpatched internet-facing software, and valid but weak or stolen credentials, and these are frequently combined: credentials harvested through phishing and reused against a VPN or remote desktop gateway that lacks multi-factor authentication are a typical path to an initial foothold. Whether that is what happened here is not known from the available reporting. What the 1.2 TB figure does indicate is that, whatever the entry point, the attackers had enough time inside the network to locate and transfer a large volume of data before encrypting anything.
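Moving 1.2 TB out of a network leaves a large footprint in flow or firewall logs long before the ransom note appears, which is the window a defender has to act in. The following is an added illustration and not part of the original page, the RRA tracker, or anything published about this incident: a small Python check that sums outbound bytes from internal hosts to external addresses and flags any host whose egress is far above its peers. The flow records, addresses (documentation ranges standing in for an attacker host), and thresholds are all constructed assumptions; the thresholds in particular should be tuned from a baseline of the real environment.

```python
import ipaddress
from collections import defaultdict
from statistics import median

# Constructed sample flow records, not real Stahly Engineering traffic.
# Format: timestamp,src_ip,dst_ip,dst_port,bytes_out. 203.0.113.50 is a
# documentation address standing in for an attacker-controlled host.
SAMPLE_FLOWS = """\
2024-08-21T22:05:00,10.20.1.15,142.250.72.14,443,1800000
2024-08-21T22:07:00,10.20.1.15,142.250.72.14,443,2400000
2024-08-21T22:10:00,10.20.1.22,203.0.113.50,443,52000000000
2024-08-21T23:40:00,10.20.1.22,203.0.113.50,443,61000000000
2024-08-22T01:15:00,10.20.1.22,203.0.113.50,443,58000000000
2024-08-22T09:00:00,10.20.1.31,10.20.5.10,445,9000000000
2024-08-22T09:30:00,10.20.1.40,198.51.100.7,22,900000
"""

PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip: str) -> bool:
    """True for RFC 1918 addresses, i.e. hosts inside the firm's network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)


def parse_flows(text: str) -> list[dict]:
    """Parse the CSV flow export into records; malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 5:
            continue
        ts, src, dst, port, nbytes = parts
        try:
            flows.append({"ts": ts, "src": src, "dst": dst,
                          "port": int(port), "bytes": int(nbytes)})
        except ValueError:
            continue
    return flows


def egress_by_host(flows: list[dict]) -> dict[str, int]:
    """Sum bytes sent from internal hosts to external destinations.

    Internal-to-internal traffic (file shares, backups) is excluded so that a
    large SMB copy to a local server does not masquerade as exfiltration."""
    totals: dict[str, int] = defaultdict(int)
    for f in flows:
        if is_internal(f["src"]) and not is_internal(f["dst"]):
            totals[f["src"]] += f["bytes"]
    return dict(totals)


def flag_bulk_egress(flows: list[dict], abs_threshold: int = 50 * 10**9,
                     ratio: float = 20.0) -> dict[str, int]:
    """Return {host: bytes} for hosts whose external egress exceeds either an
    absolute byte threshold or `ratio` times the median egress of every other
    internal host in the window. Both thresholds are assumed values."""
    totals = egress_by_host(flows)
    flagged = {}
    for host, total in totals.items():
        others = [t for h, t in totals.items() if h != host]
        baseline = median(others) if others else 0
        if total >= abs_threshold or (baseline > 0 and total >= ratio * baseline):
            flagged[host] = total
    return flagged


if __name__ == "__main__":
    for host, total in flag_bulk_egress(parse_flows(SAMPLE_FLOWS)).items():
        print(f"ALERT {host}: {total / 1e9:.1f} GB sent to external hosts")
```

In the sample data only 10.20.1.22 is flagged: three overnight transfers of roughly 57 GB each to one external address over HTTPS, while the 9 GB copy from 10.20.1.31 to an internal file server is ignored. Using HTTPS on port 443 is deliberate in the sample, since exfiltration to a cloud storage or attacker host usually rides on ports that are already allowed out, which is why volume per host, not port, is the signal to watch.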

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups and their victims. Given the scale of threat actors' financial success to date, ransomware has become one of the most widespread and costly cyber threats facing businesses and organizations today, in both financial and informational terms.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.