RansomHub Ransomware Attack on Temp Air Company

Temp Air Company, a well-established mechanical contracting firm based in Owings Mills, Maryland, has recently fallen victim to a ransomware attack orchestrated by the notorious RansomHub group. The attack, discovered on November 20, resulted in the leakage of 40GB of sensitive data, marking a significant breach in the company's cybersecurity defenses.

About Temp Air Company

Founded in 1980, Temp Air Company has carved a niche in the construction sector, specializing in HVAC, plumbing solutions, and underground construction services. The company is recognized for its design-build approach, which integrates design and construction processes to streamline project timelines and reduce costs. With a focus on quality and safety, Temp Air has built long-term relationships with subcontractors and design professionals, enhancing its reputation as a reliable contractor.

RansomHub Overview

RansomHub, a Ransomware-as-a-Service (RaaS) group, emerged in February 2024 and quickly gained notoriety for its aggressive affiliate model and double extortion tactics. The group is known for its speed and efficiency, employing advanced encryption and data exfiltration techniques. RansomHub's operations are characterized by their adaptability, targeting high-value sectors such as healthcare, financial services, and government.

Attack Overview

The attack on Temp Air Company highlights the vulnerabilities faced by firms in the construction sector. RansomHub likely exploited unpatched systems or used phishing campaigns to gain initial access. Once inside, the group would have conducted network reconnaissance and privilege escalation before exfiltrating data and encrypting files.

Sources:

• Halcyon AI - Ransomware Malicious Quartile Q3 2024
• Halcyon AI - New RansomHub TTPs
• Temp Air Company - Official Website
• Procore - Temp Air Company Profile
• CISA - Cybersecurity Advisories