Coquitlam Concrete Hit by Hunters International Ransomware

Incident Date: Jul 04, 2024

Attack Overview
Victim: Coquitlam Concrete
Industry: Construction
Location: Canada
Attacker: Hunters International
First reported: July 4, 2024

Analysis of the Ransomware Attack on Coquitlam Concrete by Hunters International

Company Profile: Coquitlam Concrete

Coquitlam Concrete (1993) Ltd., a stalwart in the Metro-Vancouver construction sector, has been operational since 1993. As an independent, family-owned business, it specializes in ready-mix and precast concrete products. Utilizing its own aggregate source, the company is adept at meeting diverse design and strength specifications, which is a significant competitive edge in the construction industry. With over 75 years in the business, Coquitlam Concrete employs more than thirty individuals and operates a fleet of mixer trucks, a ready-mix plant, and a precast yard. Their commitment to environmental responsibility and safety is evident in their use of advanced systems and protocols.

Details of the Ransomware Attack

On July 4, 2024, Coquitlam Concrete fell victim to a ransomware attack orchestrated by Hunters International. The attack was first detected by the ThreatMon Threat Intelligence Team, which noted the company's addition to Hunters International's list of ransomware victims. During the attack, approximately 10.5GB of data, encompassing 26,858 files, was exfiltrated from Coquitlam Concrete's systems.

Profile of Hunters International

Hunters International, a Ransomware-as-a-Service (RaaS) group, surfaced in the third quarter of 2023 following the disruption of the Hive ransomware group. The group's ransomware code shows a significant overlap with Hive, indicating a shared lineage or possible evolution from the previous group. Hunters International is known for its data exfiltration and extortion tactics, targeting a broad range of industries and regions without specific focus. The group's operational strategies include the use of sophisticated encryption methods inherited or adapted from Hive.

Analysis of Attack Vector

The specific methods by which Hunters International penetrated Coquitlam Concrete's defenses are not detailed in the available data. However, typical attack vectors used by similar ransomware groups include phishing, exploitation of unpatched vulnerabilities, and credential stuffing. Coquitlam Concrete's significant data repository and its critical role in the construction supply chain likely made it an attractive target for Hunters International, which aims to leverage stolen data in ransom negotiations.
