blackbasta attacks Willemen Group
Willemen Group Suffers Ransomware Attack
Company Overview
Willemen Group is a construction sector company that emphasizes quality, innovation, and sustainability. The company brings together various competencies and knowledge in enthusiastic teams to shape the future of construction projects. They are committed to digitization and sustainability, aligning with the United Nations Sustainable Development Goals and preparing for the European Green Deal. The company employs 2,100 people and has a strong focus on safety, with a goal of ensuring that everyone, including employees, subcontractors, suppliers, and partners, returns home safely every day.
Vulnerabilities and Attack Vectors
Ransomware attacks typically exploit vulnerabilities in software, use brute-force credential attacks, employ social engineering tactics, leverage previously compromised credentials, or abuse trust opportunities. The 2022 Unit 42 Incident Response Report identified that 48% of ransomware cases began with software vulnerabilities, and 32% of ransomware attacks experienced by survey respondents in the past year started with an exploited vulnerability.
In the case of Willemen Group, the attack vector is not explicitly stated. However, the attackers are reported to be using multi-extortion techniques, which can include copying and exfiltrating unencrypted data, shaming the victim on social media, threatening additional attacks such as DDoS, or leaking the stolen information to clients or on the dark web.
Industry Vulnerabilities
The construction sector is known for its use of older technologies that are more prone to security gaps, and patches may not be available for legacy and end-of-life solutions. Additionally, the larger the environment, the greater the challenge in understanding the attack surface and maintaining the necessary tools and technologies.
Mitigation Strategies
To mitigate ransomware attacks, organizations should focus on understanding the attack vectors used by threat actors and implementing platforms for endpoint detection and response (EDR), security orchestration, automation, and response (SOAR), and active attack surface management (ASM) to reduce the risk of infection. Good security practices, such as phishing training and password hygiene among employees, can also help reduce the likelihood of social engineering or brute-force attacks. Streamlined offboarding for ex-employees can prevent insider attacks.
Sources
- Willemen Group. (n.d.). Welkom bij Willemen Groep. Retrieved April 10, 2024, from https://www.willemen.be/en
- Internet Crime Complaint Center (IC3). (n.d.). Ransomware attacks. Retrieved April 10, 2024, from https://www.ic3.gov/Content/PDF/Ransomware_Fact_Sheet.pdf
- Palo Alto Networks. (n.d.). What are Ransomware Attacks? Retrieved April 10, 2024, from https://www.paloaltonetworks.com/cyberpedia/ransomware-common-attack-methods
- Sophos News. (2024, April 03). Unpatched Vulnerabilities: The Most Brutal Ransomware Attack Vector. Retrieved April 10, 2024, from https://news.sophos.com/en-us/2024/04/03/unpatched-vulnerabilities-the-most-brutal-ransomware-attack-vector/
- Imperva. (n.d.). What is Ransomware | Attack Types, Protection & Removal. Retrieved April 10, 2024, from https://www.imperva.com/learn/application-security/ransomware/
- Dark Reading. (2023, August 07). Ransomware Victims Surge as Threat Actors Pivot to Zero-Day Exploits. Retrieved April 10, 2024, from https://www.darkreading.com/threat-intelligence/ransomware-victims-surge-as-threat-actors-pivot-to-zero-day-exploits