Ransomware Attack Exposes 105GB of Data at Environmental Code Consultants

Incident Date: Sep 18, 2024

Attack Overview
Victim: Environmental Code Consultants Inc
Industry: Construction
Location: USA
Attacker: Meow
First reported: September 18, 2024

Ransomware Attack on Environmental Code Consultants Inc. by Meow Group

Environmental Code Consultants Inc. (ECC), a New York-based consulting firm specializing in environmental and construction-related services, has fallen victim to a ransomware attack orchestrated by the notorious Meow Ransomware group. The attack has resulted in the exfiltration of over 105 GB of sensitive data, including employee and client details, personal identification documents, project blueprints, internal financial records, and various contractual agreements.

About Environmental Code Consultants Inc.

ECC is a multifaceted consulting firm that provides a range of services critical to the construction sector. Their core offerings include environmental consulting, such as asbestos, lead, and mold testing, and construction consulting, which involves assisting clients with Department of Buildings (DOB) filings, special inspections, and workplace safety plans. The firm is recognized for its ability to deliver accurate testing results, often with same-day reporting, and for managing complex projects that require variances or special permissions.

ECC operates as a small to medium-sized enterprise with a significant presence in New York City. Their clientele includes contractors, developers, hospitals, and educational institutions, allowing them to apply their integrated expertise across multiple sectors. This broad base enhances project outcomes from inception through to completion, positioning ECC as a leader in their field.

Attack Overview

The Meow Ransomware group claims to have infiltrated ECC's systems, exfiltrating over 105 GB of sensitive information. The compromised data includes employee and client details, personal identification documents, project blueprints, internal financial records, and various contractual agreements. This breach not only jeopardizes the privacy of ECC's clients and employees but also poses significant risks to ongoing and future construction projects.

About Meow Ransomware Group

Meow Ransomware emerged in late 2022 and has been associated with the Conti v2 ransomware variant. The group is known for targeting industries with sensitive data, such as healthcare and medical research, and has a history of posting victim data on their leak site if the ransom is not paid. Meow Ransomware employs various infection methods, including phishing emails, exploit kits, Remote Desktop Protocol (RDP) vulnerabilities, and malvertising. Once a system is compromised, the ransomware encrypts files using a combination of the ChaCha20 and RSA-4096 algorithms.

Penetration and Vulnerabilities

While the specific method of penetration in ECC's case has not been disclosed, it is likely that the Meow Ransomware group exploited common vulnerabilities such as weak RDP configurations, unpatched software, or phishing attacks. ECC's extensive handling of sensitive data and their reliance on digital systems for project management and regulatory compliance may have made them an attractive target for the ransomware group.
