LockBit Ransomware Hits QES Pavements: Security Concerns Rise
Ransomware Attack on QES Pavements by LockBit Group
QES Pavements, a prominent provider of pavement engineering and consulting services, has recently fallen victim to a ransomware attack orchestrated by the notorious LockBit group. The attack, discovered on August 12, 2024, has raised significant concerns about the security of the company's sensitive information.
About QES Pavements
Founded in 1997 in Conneaut Lake, Pennsylvania, QES Pavements, officially registered as Quality Engineering Services, Inc., specializes in pavement engineering and construction inspection. The company employs over 40 inspectors and 9 specialized pavement engineers, operating across 25 states, including Washington D.C. and Puerto Rico. QES is recognized for its leadership in the pavement industry, with engineers holding P.E. certifications in 14 states and contributing to over 150 published research papers.
QES offers a comprehensive range of services, including pavement design, pavement management, construction inspection, materials investigation, and technology transfer and training. Their mission is to deliver quality engineering solutions that optimize pavement performance, enhance durability, and extend the lifespan of pavement networks.
Details of the Attack
The ransomware attack on QES Pavements was executed by the LockBit group, a highly sophisticated ransomware-as-a-service (RaaS) entity active since September 2019. LockBit employs "double extortion" tactics, exfiltrating sensitive data and threatening to release it publicly if the ransom is not paid. The exact size of the data leak remains unknown, but the incident underscores the growing threat of ransomware to critical infrastructure and specialized service providers.
About LockBit Group
LockBit has become the most active ransomware group, responsible for over one-third of all ransomware attacks in the latter half of 2022 and the first quarter of 2023. The group uses a combination of RSA-2048 and AES-256 encryption algorithms to encrypt victims' files. LockBit is designed to exploit vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across a network. The ransomware demands payment in Bitcoin, typically ranging from several thousand to several hundred thousand dollars.
Potential Vulnerabilities
QES Pavements, like many specialized service providers, may have been targeted due to potential vulnerabilities in their network security. The company's extensive operations across multiple states and the handling of sensitive data related to pavement engineering and construction projects make it an attractive target for ransomware groups like LockBit. The attack highlights the importance of cybersecurity measures to protect against sophisticated threats.
Sources
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!