Attack Overview

VICTIM: Metek
INDUSTRY: Construction
LOCATION: United Kingdom
ATTACKER: Everest
FIRST REPORTED: June 11, 2022

Analysis of the Ransomware Attack on Metek

Overview of the Incident

Metek, a prominent construction company with a specialization in light steel framing, has recently fallen victim to a ransomware attack orchestrated by the Everest group. The announcement of the attack was made on the group's dark web leak site. Metek, which has its online presence at https://www.metek.co.uk/, is engaged in a variety of sectors such as residential, commercial, health, education, student accommodation, and leisure. The company is acclaimed for its sustainable construction practices, notably its use of recyclable materials.

The firm has also been lauded for its innovative application of Building Information Modeling (BIM) technology, securing several accolades for its projects, including the prestigious Construction News Project of the Year award in 2020. Despite these achievements, the specific vulnerabilities that led to Metek being targeted have not been detailed in available reports. However, it is widely acknowledged that ransomware attacks typically exploit weaknesses such as unpatched software, inadequate password policies, and unsecured remote access points.

Ransomware Attack Mechanics

Ransomware attacks are characterized by the encryption of a victim's data, followed by a demand for payment in exchange for the decryption key. Payments are often demanded in anonymous cryptocurrencies, such as Bitcoin or Ethereum, to maintain the anonymity of the attackers. In some instances, attackers may also exfiltrate sensitive data prior to encryption, using the threat of public release as additional leverage to extort further payments from the victim.

Best Practices for Mitigation and Response

To effectively mitigate the risk of ransomware attacks, organizations are advised to adopt robust cyber hygiene practices. These include conducting regular vulnerability scans, ensuring that software is kept up to date, and maintaining offline, encrypted backups of critical data. In the unfortunate event of a ransomware attack, affected entities should promptly report the incident to federal law enforcement and seek assistance from the Cybersecurity and Infrastructure Security Agency (CISA).
