Grupo Copisa Suffers Ransomware Attack by Sparta Group

Company Overview

Grupo Copisa, a leading entity in the construction industry, is distinguished by its commitment to sustainable practices and the integration of Building Information Modeling (BIM) technology. Their dedication to innovation and quality is evident in their approach to the design, auditing, and monitoring of construction projects.

Vulnerabilities and Targeting

The Sparta ransomware group has successfully exploited vulnerabilities within Grupo Copisa's systems, resulting in the encryption of their files and a subsequent ransom demand for the decryption key. Notably, the attackers employed a custom VSS Copying Tool to exfiltrate files from shadow volume copies, circumventing the protection typically provided when files are actively used by applications.

Industry Impact

The construction sector has increasingly become a target for ransomware attacks, leading to substantial financial losses and operational disruptions for affected companies. The prevalence of such attacks is underscored by statistics indicating that 71% of companies have experienced ransomware incidents, with the average financial impact per incident reaching $4.35 million.

Mitigation Strategies

To counter the threat of ransomware, organizations are advised to proactively address known system vulnerabilities, enforce multifactor authentication, ensure the availability of offline data backups, and maintain up-to-date operating systems, software, and firmware.

The Sparta ransomware attack on Grupo Copisa underscores the critical importance of comprehensive cybersecurity measures within the construction industry. By adhering to established best practices and remaining alert to new threats, companies can significantly diminish their risk of ransomware attacks and mitigate their potential consequences.

Sources

• Grupo Copisa | Construcción sostenible
• FBI: Play ransomware breached 300 victims, including critical orgs. URL: https://www.fbi.gov/news/stories/play-ransomware-091522
• Ransomware Attack - What is it and How Does it Work? - Check Point. URL: https://www.checkpoint.com/cyber-hub/threat-prevention/ransomware-attack/