Ransomware Attack on EBA Ernest Bland Associates by Cicada3301: 270 GB Data Stolen
EBA Ernest Bland Associates, P.C. (EBA), a prominent architectural and engineering firm based in Silver Spring, Maryland, has fallen victim to a ransomware attack by the notorious group Cicada3301. The attack, which occurred on August 22, 2024, resulted in the exfiltration of 270 GB of sensitive data, which the attackers have threatened to release publicly if the company does not make contact with them soon.
About EBA Ernest Bland Associates
Founded in 1988, EBA Ernest Bland Associates is a full-service architectural and engineering firm known for its comprehensive portfolio that includes architectural design, planning, project management, and consulting. The firm is particularly noted for its expertise in technical facilities such as data centers and has completed projects across the United States and internationally, including in Puerto Rico and the Philippines. EBA operates under the legal name EBA Ernest Bland Associates, P.C., and is classified as a small business with fewer than 500 employees. The firm is also certified as a minority-owned business and a self-certified small disadvantaged business.
Attack Overview
The ransomware group Cicada3301 claimed responsibility for the attack via their dark web leak site. They have reportedly exfiltrated and published 270 GB of EBA's data, which includes sensitive information pertinent to the firm's operations in the design and construction field. The attackers have threatened to release the data publicly if the company does not make contact with them soon. The firm's website, https://www.ebapc.com, may provide further updates on the situation.
About Cicada3301
Cicada3301 is a relatively new threat actor group that emerged in June 2024. Unlike traditional ransomware groups that focus on encrypting data and demanding ransom for decryption, Cicada3301 operates as a data broker. Their primary mode of operation involves stealing sensitive data from targeted organizations and selling it on dark web marketplaces. This approach signifies a shift from conventional ransomware tactics to more sustained and long-term damage strategies, emphasizing the sale and distribution of exfiltrated data.
Cicada 3301
To clarify, the name “Cicada 3301” was originally associated with an online puzzle that gained notoriety between 2012 and 2014. However, the name has since been appropriated by a separate and unrelated ransomware group, which has been the focus of recent reports, including ours.
Halcyon fully respects the legacy of the original “Cicada 3301” organization and recognizes their distinction from the activities of the ransomware group using the same name. Our reporting on the ransomware group is consistent with fair use, aiming to inform the public about cybersecurity threats. For those interested in the original “Cicada 3301” and their official stance on this matter, we encourage you to visit their statement here.
We appreciate your understanding as we strive to maintain clarity and accuracy in our reporting.
Penetration and Vulnerabilities
While specific details on how Cicada3301 penetrated EBA's systems are not publicly disclosed, common vulnerabilities that could have been exploited include outdated software, weak passwords, and insufficient network security measures. Given EBA's extensive involvement in technical facilities and data centers, the firm likely holds a significant amount of sensitive information, making it an attractive target for data brokers like Cicada3301.