Ransomware Hits Air Specialists by Hunters International Group

Incident Date: Nov 04, 2024

Attack Overview
Victim: Air Specialists Heating & Air Conditioning
Industry: Consumer Services
Location: USA
Attacker: Hunters International
First Reported: November 4, 2024

Ransomware Attack on Air Specialists Heating & Air Conditioning by Hunters International

Air Specialists Heating & Air Conditioning, a prominent HVAC service provider based in Quincy, Illinois, has fallen victim to a ransomware attack orchestrated by the Hunters International group. This incident has significantly disrupted the company's operations, affecting its ability to manage customer service requests and maintain its service schedule.

Company Profile and Industry Standing

Founded in 1991, Air Specialists Heating & Air Conditioning has established itself as a reliable provider of heating, cooling, and indoor air quality solutions. With a workforce of approximately 50 employees, the company operates from an 8,000-square-foot headquarters in Quincy and a 12,500-square-foot facility in Hannibal, Missouri. Known for its commitment to customer satisfaction and quality service, Air Specialists has built a strong reputation in the HVAC industry, particularly for recommending and installing Trane equipment.

Attack Overview

The ransomware attack, attributed to Hunters International, has led to the encryption of critical operational data, including customer databases and internal communication systems. Initial investigations indicate that the attackers gained access through a phishing email, which facilitated the deployment of ransomware across the company's network. The attackers have demanded a ransom in cryptocurrency, threatening to release sensitive customer information if their demands are not met. Air Specialists is currently collaborating with cybersecurity experts to assess the breach's extent and explore decryption options.

Hunters International: A Notorious Ransomware Group

Emerging in October 2023, Hunters International is a Ransomware-as-a-Service (RaaS) group known for its sophisticated attacks and double extortion tactics. The group utilizes code from the defunct Hive ransomware, allowing it to execute complex attacks across various industries, including healthcare, finance, and manufacturing. Hunters International's malware, developed in Rust, is highly adaptable, enabling cross-platform targeting of Windows and Linux environments. The group typically gains initial access through phishing campaigns, RDP exploitation, and social engineering techniques.

Vulnerabilities and Penetration

Air Specialists' vulnerabilities stem from its reliance on digital systems for managing customer interactions and service schedules. The phishing email that initiated the attack highlights the importance of comprehensive cybersecurity measures and employee training to prevent such breaches. The attack underscores the need for companies in the consumer services sector to enhance their cybersecurity posture to protect against sophisticated threat actors like Hunters International.
