Ransomware Hits Dreyfuss + Blackford by Hunters International
Ransomware Attack on Dreyfuss + Blackford Architecture by Hunters International
Dreyfuss + Blackford Architecture, a renowned architectural firm based in Northern California, has recently fallen victim to a ransomware attack orchestrated by the cybercriminal group Hunters International. This attack has resulted in the compromise of a substantial amount of sensitive data, highlighting the vulnerabilities faced by organizations in the business services sector.
About Dreyfuss + Blackford Architecture
Founded in 1950, Dreyfuss + Blackford Architecture is a prominent firm known for its modernist aesthetic and commitment to thoughtful design. With offices in Sacramento and San Francisco, the firm employs between 1 and 50 staff members and reports annual revenues ranging from $5 million to $25 million. Its diverse portfolio includes projects in the commercial, healthcare, educational, and cultural sectors, emphasizing the connection between people and their environments. The firm's philosophy, "Utility is Beautiful," underscores its approach to creating functional yet aesthetically pleasing spaces.
Details of the Ransomware Attack
The attack by Hunters International has compromised 652.8GB of data across 168,887 files, including 34.5GB of private data and 25.4GB of marketing data. The breach also affected information related to the Chief Financial Officer, though specific details remain undisclosed. The volume and variety of the affected data underscore the extensive reach of the attack, which impacted various categories of sensitive and operational data within the organization.
About Hunters International
Hunters International is a ransomware group that emerged in late 2023, known for its sophisticated operations and data leak strategies. Operating as a Ransomware-as-a-Service provider, the group prioritizes data exfiltration over encryption, leveraging stolen data for ransom negotiations. Its ransomware, written in Rust for enhanced performance and security, employs advanced AES and RSA encryption techniques. The group is believed to have origins in Eastern Europe, complicating law enforcement efforts to disrupt its operations.
Potential Vulnerabilities and Attack Penetration
Hunters International likely penetrated Dreyfuss + Blackford's systems through tactics such as phishing, exploiting vulnerabilities in public-facing applications, or social engineering. The firm's relatively small size and focus on diverse projects may have made it an attractive target for threat actors seeking to exploit potential security gaps. The attack highlights the importance of comprehensive cybersecurity measures to protect sensitive data and maintain operational integrity.