sparta attacks Copisa
Incident Date:
September 22, 2022
Overview
Title
sparta attacks Copisa
Victim
Copisa
Attacker
Sparta
Location
First Reported
September 22, 2022
Grupo Copisa Suffers Ransomware Attack by Sparta Group
Company Overview
Grupo Copisa, a leading entity in the construction industry, is distinguished by its commitment to sustainable practices and the integration of Building Information Modeling (BIM) technology. Their dedication to innovation and quality is evident in their approach to the design, auditing, and monitoring of construction projects.
Vulnerabilities and Targeting
The Sparta ransomware group has successfully exploited vulnerabilities within Grupo Copisa's systems, resulting in the encryption of their files and a subsequent ransom demand for the decryption key. Notably, the attackers employed a custom VSS Copying Tool to exfiltrate files from shadow volume copies, circumventing the protection typically provided when files are actively used by applications.
Industry Impact
The construction sector has increasingly become a target for ransomware attacks, leading to substantial financial losses and operational disruptions for affected companies. The prevalence of such attacks is underscored by statistics indicating that 71% of companies have experienced ransomware incidents, with the average financial impact per incident reaching $4.35 million.
Mitigation Strategies
To counter the threat of ransomware, organizations are advised to proactively address known system vulnerabilities, enforce multifactor authentication, ensure the availability of offline data backups, and maintain up-to-date operating systems, software, and firmware.
The Sparta ransomware attack on Grupo Copisa underscores the critical importance of comprehensive cybersecurity measures within the construction industry. By adhering to established best practices and remaining alert to new threats, companies can significantly diminish their risk of ransomware attacks and mitigate their potential consequences.
Sources
- Grupo Copisa | Construcción sostenible
- FBI: Play ransomware breached 300 victims, including critical orgs. URL: https://www.fbi.gov/news/stories/play-ransomware-091522
- Ransomware Attack - What is it and How Does it Work? - Check Point. URL: https://www.checkpoint.com/cyber-hub/threat-prevention/ransomware-attack/
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.