RansomHub Strikes Aedifica Montreal in Major Data Breach

Incident Date: Jul 03, 2024

Attack Overview

Victim: Aedifica Montreal
Industry: Construction
Location: Canada
Attacker: RansomHub
First Reported: July 3, 2024

Ransomware Attack on Aedifica Montreal by RansomHub: An In-depth Analysis

Company Profile: Aedifica Montreal

Aedifica Montreal, a prominent architecture and design firm based in Montreal, Canada, has established itself as a leader in the construction sector with a focus on sustainable and innovative design solutions. Founded in 1985, the company employs 148 people and boasts a revenue of $26.9 million. Aedifica's diverse portfolio includes commercial, residential, institutional, and hospitality projects, emphasizing a client-centric approach that integrates architecture, interior design, and strategic planning under one roof. Their commitment to sustainability is reflected in their adoption of green building practices and technologies, which not only reduce environmental impact but also lower operating costs for clients.

Details of the Ransomware Attack

The ransomware group RansomHub has targeted Aedifica Montreal, claiming responsibility on its dark web leak site for a significant breach. The attackers have criticized Aedifica for its allegedly lax data protection measures. According to RansomHub, they had access to the company's network for an extended period, during which they extracted detailed information on Aedifica's projects and client data spanning over a decade. The stolen data includes sensitive documents such as non-disclosure agreements, confidentiality agreements, floor plans, and project layouts. Data from high-profile projects involving clients like Zurich Insurance and Adidas Originals was also compromised. RansomHub has threatened to release the data in segments if its demands are not met.

Profile and Tactics of RansomHub

RansomHub, a relatively new player in the cyber threat landscape, operates as a Ransomware-as-a-Service (RaaS) group. With suspected roots in Russia, the group allows affiliates to retain 90% of ransom payments, with the remaining 10% going to the core operators. RansomHub's ransomware is developed using Golang, a programming language increasingly favored by cybercriminals for its efficiency and versatility. The group has targeted various sectors and countries, demonstrating a capability to execute widespread and effective ransomware campaigns.

Potential Vulnerabilities and Entry Points

The extended time RansomHub spent inside Aedifica's network suggests possible weaknesses in the firm's cybersecurity defenses. These could include inadequate endpoint protection, a lack of employee training on phishing attacks, or insufficient network monitoring and response. The detailed nature of the stolen data also indicates that the attackers likely had access to privileged user credentials, which could have been obtained through spear phishing or exploitation of unpatched systems.
