Ransomware Attack on Provencher Roy by BlackBasta
Victim Overview
Provencher Roy, a prominent Canadian architecture and design firm, recently experienced a ransomware attack orchestrated by the cybercrime group BlackBasta. The company, founded in 1983 by Claude Provencher and Michel Roy, specializes in innovative and sustainable architectural solutions for various projects in the commercial, residential, cultural, and institutional sectors. Provencher Roy is known for its transdisciplinary approach, focusing on sustainability and radical reuse of existing structures.
Company Size and Recognition
With a total of thirty-three partners as of March 2022, Provencher Roy has grown significantly over the years. The firm has received numerous awards, including the Royal Architectural Institute of Canada Architectural Firm of the Year Award and the Governor General's Medals in Architecture. Their expertise in sustainable development and diverse services contribute to their financial success and industry recognition.
Attack Overview
During the ransomware attack on Provencher Roy, BlackBasta infiltrated the company's systems and exfiltrated 3 terabytes of data. The stolen information includes sensitive project details, CAD drawings, 3D models, corporate data, and personal employee documents. This breach poses a significant threat to the company's operations and data security.
Ransomware Group BlackBasta
BlackBasta is a ransomware operator and Ransomware-as-a-Service (RaaS) criminal enterprise that emerged in early 2022. The group targets organizations in various countries, employing highly targeted attacks and utilizing double extortion tactics. BlackBasta has been linked to significant cyber incidents, impacting critical infrastructure sectors and causing financial losses to victim organizations.
Penetration and Vulnerabilities
BlackBasta likely gained access to Provencher Roy's network through spear-phishing campaigns, insider information, or by purchasing network access. Once inside the system, the group used tools like QakBot and Mimikatz to move laterally, harvest credentials, and maintain control over compromised systems. The attack highlights the vulnerabilities in Provencher Roy's cybersecurity defenses and the importance of robust security measures to prevent future breaches.