Ransomware Attack on Stahly Engineering: dAn0n Group Exfiltrates 1.2 TB Data
Ransomware Attack on Stahly Engineering & Associates by dAn0n Group
Stahly Engineering & Associates, a prominent civil engineering and surveying firm based in Helena, Montana, has recently fallen victim to a ransomware attack orchestrated by the dAn0n group. The attackers claim to have exfiltrated 1.2 TB of sensitive data, posing a significant threat to the firm's operations and client confidentiality.
Company Profile
Founded in 1970, Stahly Engineering & Associates is an employee-owned firm with additional offices in Bozeman, Billings, Great Falls, and Cody, Wyoming. The company specializes in various engineering fields, including transportation, site development, municipal, and structural engineering, as well as surveying and construction inspection services. With a strong emphasis on community involvement and high-quality service delivery, Stahly Engineering has built a reputation for excellence in the construction sector.
Attack Overview
The dAn0n ransomware group, known for its aggressive tactics and rapid publication of stolen data, has claimed responsibility for the attack on Stahly Engineering. The group operates a Ransomware-as-a-Service (RaaS) model, enabling other threat actors to utilize their malware. The breach has potentially compromised a significant amount of critical data, including client information and project details, which could have severe repercussions for the firm's operations and reputation.
Ransomware Group Profile
The dAn0n group emerged in April 2023 and has quickly gained notoriety for its aggressive approach to ransomware attacks. The group has already posted information about 12 victims on their data leak site, primarily targeting the business services sector in the United States. Unlike other ransomware groups, dAn0n's data leak site lacks emphasis on design or branding, suggesting a focus on attack methodologies over aesthetics. No decryptor is currently available for their ransomware, making it a formidable threat.
Potential Vulnerabilities
Stahly Engineering's commitment to community involvement and high-quality service delivery may have inadvertently made them a target for ransomware attacks. As an employee-owned firm, the company likely handles a significant amount of sensitive data, including client information and project details. This data is highly valuable to threat actors, making the firm an attractive target. Additionally, the firm's multiple office locations could present potential vulnerabilities in their cybersecurity infrastructure, providing multiple entry points for attackers.
Penetration Methods
While the exact method of penetration used by the dAn0n group in this attack is not publicly disclosed, common tactics include phishing emails, exploiting software vulnerabilities, and leveraging weak or stolen credentials. Given the group's aggressive approach, it is likely that they employed a combination of these methods to infiltrate Stahly Engineering's systems and exfiltrate the data.
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!