RansomHub Ransomware Hits A&A Consultants: 60GB Data at Risk

Incident Date: Aug 16, 2024

Attack Overview
Victim: A&A Consultants, Inc.
Industry: Construction
Location: USA
Attacker: RansomHub
First Reported: August 16, 2024

RansomHub Ransomware Attack on A&A Consultants, Inc.

A&A Consultants, Inc., a civil engineering firm based in Kennedy Township near Pittsburgh, Pennsylvania, has fallen victim to a ransomware attack orchestrated by the RansomHub group. The attackers claim to have exfiltrated 60 GB of sensitive data and have threatened to release it publicly within the next 5 to 6 days.

About A&A Consultants, Inc.

Established in 1996, A&A Consultants, Inc. is a rapidly growing engineering firm specializing in a wide array of services tailored for private firms, governmental agencies, and large corporations. The company is renowned for its expertise in bridge inspection, including initial National Bridge Inspection Standards (NBIS) inspections, periodic routine inspections, and partial inspections. Additionally, A&A Consultants is involved in project supervision and management, having successfully overseen numerous projects across Western Pennsylvania and Eastern Ohio.

The firm employs between 11 and 50 individuals and generates an estimated annual revenue of $1 million to $5 million. This small to medium-sized business structure allows for a personalized approach to client needs, fostering strong relationships and tailored solutions.

Attack Overview

The ransomware group RansomHub has claimed responsibility for the attack on A&A Consultants, Inc. via their dark web leak site. The group alleges that they have obtained 60 GB of the company's data, which they plan to release if their ransom demands are not met. The exact nature of the data compromised has not been disclosed, but it is likely to include sensitive project details and client information.

About RansomHub

RansomHub is a relatively new player in the ransomware landscape, believed to have roots in Russia. Operating as a Ransomware-as-a-Service (RaaS) group, RansomHub's affiliates receive 90% of the ransom money, with the remaining 10% going to the main group. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, with a notable focus on healthcare-related institutions.

RansomHub's ransomware strains are written in Golang, a language that is becoming increasingly popular among ransomware developers. This choice of language may indicate a trend towards more sophisticated and harder-to-detect ransomware attacks in the future.

Potential Vulnerabilities

While the specific vulnerabilities exploited in this attack are not yet known, small to medium-sized businesses like A&A Consultants, Inc. often face challenges in maintaining effective cybersecurity measures. Limited resources and a lack of specialized cybersecurity personnel can make these firms attractive targets for ransomware groups. Additionally, the increasing complexity of ransomware strains, such as those written in Golang, poses a significant threat to organizations that may not have advanced detection and mitigation capabilities.
