ALPHV Claims The Company As Victim


Engineering Compliance Construction (ECCI), a company offering environmental and engineering solutions, was added to the victim list of the ALPHV ransomware group. It is not known how the alleged incident occurred and if system data was accessed in the ECCI ransomware attack.

ECCI ransomware attack
Screenshot of ALPHV adding ECCI to its victim list

Screenshot of ALPHV adding ECCI to its victim list

The Cyber Express reached out to the company seeking confirmation about the alleged ECCI ransomware attack. However, we have yet to receive a response. The official website of the U.S.-based company was accessible at the time of writing.

Other security breaches by ALPHV besides the ECCI ransomware attack

Early in April this year, the ALPHV ransomware group exploited three vulnerabilities in Veritas backup to gain initial access. They gained information about the target’s environment, disabled the security tools on the systems, and stole user credentials.

The group added the name of an Indian company, Sun Pharmaceutical Industries Limited to its victim list and threatened to release stolen data. “..but they apparently decided that we would tolerate their clown attitude towards us. So, it’s time to reveal some information about them,” ALPHV wrote in retaliation when the targeted company denied succumbing to the group’s demand.

A data center of NCR Corp. was targeted by ALPHV which resulted in an outage impacting its Aloha applications, the company’s incident report read. The ALPHV ransomware group claimed the ransomware attack and announced that they did not steal system data. Instead stole user credentials to leverage ransom payment.

ALPHV ransomware group

The ALPHV ransomware group that went on an affiliate recruiting spree in December 2021, added over twenty names to its victim list the next month in 2022. The group earlier claimed to offer nearly 90% of the ransom to the joining affiliates.

Speaking about the incentive offered to lure petty cybercriminals, Heath Renfrow, the co-founder of disaster recovery firm Fenix24 Inc., said, “The reasons they are so successful if we want to call it that, are multifold. They pay their affiliates better than most similar criminal networks, reportedly 80% to 90% of profits, versus 70% usually – a significant incentive to set up a new affiliate.”

ALPHV first gained a mention in the news media in November 2021 and soon worked its name up the ransomware ladder with increased cyberattacks. Moving from double extortion to triple extortion, ALPHV employed ransomware that was written in Rust with an access token of 32-byte value.

Rust makes it more difficult to detect the ALPHV ransomware by security solutions that let the group further the attack on both Windows and Linux effectively.





Source link