Ransomware Attack on Biggs Cardosa Associates by BlackSuit Group

Attack Overview

An engineering consulting firm based in California, Biggs Cardosa Associates, recently fell victim to a ransomware attack by a group known as BlackSuit. The attack resulted in the exfiltration of 474 GB of data, which was subsequently published online.

Company Profile

Biggs Cardosa Associates is recognized for its expertise in structural, civil, and transportation engineering services. Operating from San Jose, this medium-sized firm is a notable player in the construction sector, likely generating tens of millions in annual revenue. The firm's significant data handling and storage capabilities, combined with its industry prominence, may have made it an attractive target for cybercriminals.

The BlackSuit Ransomware Group

BlackSuit ransomware, which emerged in 2023, targets both Windows and Linux systems, including VMware ESXi servers. It is closely related to the Royal ransomware group, sharing up to 99.5% of code similarities. This malware appends a .blacksuit extension to encrypted files and directs victims to a Tor chat site for ransom negotiations.

Implications for the Industry

The attack on Biggs Cardosa Associates exposes the vulnerability of engineering firms to sophisticated cyber-attacks. The ability of BlackSuit to target critical infrastructure such as VMware ESXi servers poses a significant threat, not just to individual firms but to the construction and engineering sector at large.

Sources

• ZoomInfo: Biggs Cardosa Associates, Inc.
• Dun & Bradstreet: Company Profiles
• Growjo: Biggs Cardosa Associates
• Clodura.ai: Company Directory
• BizJournals: Company Profile
• Security Affairs: BlackSuit Similar to Royal Ransomware
• BleepingComputer: The Week in Ransomware