Monti Ransomware Hits Prism Construction, Exposes Sensitive Data
Monti Ransomware Group Targets Prism Construction in Devastating Cyber Attack
Prism Construction, a prominent Canadian construction firm, has recently fallen victim to a ransomware attack orchestrated by the Monti group. The attack has resulted in the unauthorized download of a significant amount of sensitive information, including confidential data pertaining to customers, employees, and contractual agreements.
About Prism Construction
Prism Construction Ltd., established in 1998 and headquartered in Delta, British Columbia, specializes in the development of custom commercial and industrial facilities. The company is recognized for its commitment to quality, integrity, and client satisfaction. With an annual revenue of approximately $21.3 million and around 51 employees, Prism Construction prides itself on its innovative approach to construction, emphasizing early involvement in project planning to optimize costs and efficiency.
Attack Overview
The ransomware attack, identified through the Bluemaven vector, has compromised a substantial amount of sensitive data. This includes information about customers, employees, and contractual agreements, as well as details about the company's partnerships with other firms. The attackers have threatened to make this information public if Prism Construction does not initiate contact. The incident, referenced under number 1796 and related to the Bridge Studios Lake City project, underscores the critical importance of cybersecurity measures.
About Monti Ransomware Group
Monti ransomware was first identified in June 2022 and quickly became notable for its tactics that closely mirrored those of the Conti group. Monti primarily targets both Windows and Linux systems, with files encrypted by Monti typically bearing the ".puuuk" file extension. The group has shown adaptability by incorporating elements from previous ransomware variants and has developed a new Linux variant to evade detection. Monti has been particularly active in targeting institutions within the legal and governmental sectors, as well as financial services and healthcare.
Penetration and Vulnerabilities
Monti ransomware utilizes the Action1 Remote Monitoring and Maintenance (RMM) agent, which was not previously associated with Conti attacks. This suggests that the group has refined its strategies to enhance effectiveness and evade detection. The attack on Prism Construction highlights the vulnerabilities that even well-established companies face in the evolving landscape of cybercrime. The company's reliance on digital systems for project management and client communication may have made it an attractive target for threat actors.
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!