Ax Sharma at Security Report revealed that Amey plc, a construction related firm based in England, was hit by a cyber attack in mid-December last year and news is out that the incident could be of ransomware genre. Thus, with the latest incident on its IT infrastructure, Amey has joined the list of other companies like Interserve, Bouygues UK and Bam Construct that were targeted by hackers.
The highlight in this incident is that from December 26th,2020, some stolen data appeared on the dark web that includes information related to the company’s digital correspondence with few of the London’s government departments and this includes contract info, passport scans, driving license scans, and financial reports along with employment records and clinical blue prints related to Manchester Metrolink Railways project.
Information Commissioner’s Office, the National Center for Cyber Security and the National Crime Agency were alerted by the IT staff of Amey about the data breach by the end of Dec’20.
Cybersecurity Insiders has learnt that the victim company has consulted some world’s leading Cybersecurity experts to investigate the incident.
Unconfirmed sources say that the Construction firm was hit by MountLocker ransomware that demands millions of dollars to unencrypt data or makes money by selling already stolen data.
Mount Locker ransomware encrypts the data with ChaCha20 algorithm that is hard to crack with freely available decryption tools on the web.
Note- The only way to keep such ransomware at bay is to keep 2-3 data backup copies offline to recover data when needed. Also, creating awareness among employees to not click on email links sent by unknown senders can help prevent the spread of file encrypting malware. Installing threat monitoring solutions and using genuine software that receives regular security fixes is much needed.