Ransomware Hits EARTHWORKS Group by Sarcoma Cybercriminals
Incident Date:
October 9, 2024
Overview
Title
Ransomware Hits EARTHWORKS Group by Sarcoma Cybercriminals
Victim
EARTHWORKS Group
Attacker
Sarcoma
Location
First Reported
October 9, 2024
Ransomware Attack on EARTHWORKS Group by Sarcoma
EARTHWORKS Group, a prominent player in the construction and environmental services sector, has recently fallen victim to a ransomware attack orchestrated by the newly emerged cybercriminal group known as "Sarcoma." This incident highlights the growing threat landscape faced by organizations across various industries.
About EARTHWORKS Group
Established in 1996 and headquartered in Murrells Inlet, South Carolina, EARTHWORKS Group is a multifaceted consulting firm specializing in engineering, architecture, environmental management, and construction management services. With over 10,000 projects completed and a team of more than 29 professionals, the company has built a strong reputation for delivering comprehensive solutions to both public and private sector clients. Their expertise spans federal, municipal, commercial, residential, institutional, industrial, and environmental projects, with a notable focus on sustainable practices and regulatory compliance.
Attack Overview
The ransomware attack on EARTHWORKS Group was claimed by Sarcoma on their dark web leak site. This group has quickly gained notoriety for its aggressive tactics and significant data breaches, targeting over 30 organizations across various industries. The attack on EARTHWORKS Group underscores the vulnerabilities faced by companies operating in sectors with complex regulatory environments and extensive data handling requirements.
About Sarcoma Ransomware Group
Sarcoma is a recently emerged ransomware group that has distinguished itself through its aggressive approach and focus on data exfiltration. The group employs a double extortion strategy, encrypting files and threatening to leak sensitive information if ransom demands are not met. Sarcoma's operations are characterized by a lack of publicly listed ransom amounts, instead leveraging data leaks as a primary means of coercion. Their darknet presence serves as a platform to list victims and provide evidence of stolen data, promoting themselves as a means to highlight poor security practices among organizations.
Potential Vulnerabilities
EARTHWORKS Group's extensive involvement in diverse projects and sectors may have contributed to its vulnerability to cyberattacks. The company's reliance on digital infrastructure for project management and regulatory compliance could have provided entry points for Sarcoma's ransomware. The attack serves as a reminder of the critical importance of cybersecurity measures, particularly for organizations handling sensitive data across multiple sectors.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.