RansomHub Ransomware Attack on Pro-MEC Engineering Services

Pro-MEC Engineering Services, a well-regarded engineering firm in Grand Ledge, Michigan, has allegedly been targeted by a ransomware attack from the infamous RansomHub group. This incident underscores the ongoing threat of ransomware to businesses across various industries, highlighting the necessity for effective cybersecurity strategies.

About Pro-MEC Engineering Services

Founded in 2000, Pro-MEC Engineering Services has evolved into a diverse engineering firm specializing in air pollution control, installation, and a broad spectrum of other services. The company operates nine distinct business units, providing services such as turnkey installations, testing and balancing, commissioning, and the fabrication of steel and plastic components. With a facility exceeding 30,000 square feet, Pro-MEC is capable of managing projects of any scale, offering custom design and fabrication solutions tailored to client requirements. The firm employs around 95 individuals and generates annual revenues estimated between $5 million to $25 million.

Attack Overview

The RansomHub ransomware group has purportedly taken responsibility for the attack on Pro-MEC, claiming to have exfiltrated sensitive data from the company. The attackers have issued a threat to release the data publicly within 10 to 11 days if their demands are not satisfied. The compromised data reportedly includes several documents, such as "240165-00 9936.pdf" and "RFW City of Lansing ©2HH@42624B3 Lansing PSB ~ Salesforce - Professional Edition.pdf".

RansomHub Ransomware Group

RansomHub, a Ransomware-as-a-Service (RaaS) group, emerged in February 2024 and quickly positioned itself as a significant entity in the ransomware domain. Known for its aggressive affiliate model and double extortion tactics, RansomHub encrypts victims' data while exfiltrating sensitive information to enhance leverage in ransom negotiations. The group is linked with former Knight ransomware actors and ALPHV/BlackCat, employing sophisticated techniques to infiltrate systems and avoid detection.

Potential Vulnerabilities

Pro-MEC's extensive operations and dependence on critical data make it an attractive target for ransomware groups like RansomHub. The attack might have been facilitated through common vectors such as phishing campaigns, vulnerability exploitation, or password spraying. The company's global operations and diverse service offerings could have exposed it to various cybersecurity risks, emphasizing the importance of maintaining vigilant security practices.

Sources

• https://www.ransomware.live/id/cHJvLW1lYy5jb21AcmFuc29taHVi