Ransomware Strikes Cottle's Asphalt by BlackSuit Group

Incident Date:

September 24, 2024

Overview

Victim

Cottle's Asphalt Maintenance Inc.

Attacker

BlackSuit

Location

Everett, USA

Pennsylvania, USA

First Reported

September 24, 2024

Ransomware Attack on Cottle's Asphalt Maintenance Inc. by BlackSuit

Cottle's Asphalt Maintenance Inc., a reputable infrastructure contracting firm based in Everett, Pennsylvania, has recently been targeted by the notorious ransomware group BlackSuit. This attack, discovered on September 24, has raised significant concerns about the security of sensitive data within the construction sector.

Company Profile and Industry Standing

Cottle's Asphalt Maintenance Inc. is a well-established company specializing in asphalt paving and construction services. With over 22 years of experience, the company has built a strong reputation for quality and responsiveness, particularly in emergency repairs for the Pennsylvania Department of Transportation. Employing between 11 and 50 individuals, Cottle's Inc. is recognized for its commitment to high-quality construction projects and its design-build approach, which integrates design and construction phases to streamline project delivery.

Vulnerabilities and Targeting

The construction sector, while traditionally focused on physical infrastructure, is increasingly becoming a target for cyber threats due to its reliance on digital systems for project management and communication. Cottle's Inc.'s commitment to quality and safety, while a strength, also necessitates the use of advanced technologies, which can introduce vulnerabilities if not adequately protected. The company's involvement in both public and private sector projects may have made it an attractive target for BlackSuit, which is known for targeting high-value entities.

Attack Overview

The BlackSuit ransomware group, known for its double extortion tactics, has claimed responsibility for the attack on Cottle's Inc. This group typically exfiltrates sensitive data before encrypting it, threatening to release the information unless a ransom is paid. While the exact size of the data leak from Cottle's Inc. remains undetermined, the potential compromise of sensitive information poses a significant risk to the company's operations and reputation.

About BlackSuit Ransomware Group

BlackSuit, a successor to the Royal ransomware family, has distinguished itself through sophisticated tactics, including data exfiltration and extortion. The group often gains initial access through phishing emails, then disables antivirus software and exfiltrates data before deploying ransomware. Their ransom demands can range from $1 million to $10 million, with payments typically requested in Bitcoin. BlackSuit's focus on high-value targets, such as healthcare and media companies, underscores the threat they pose to industries like construction.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.