Ransomware Hits EARTHWORKS Group by Sarcoma Cybercriminals

Incident Date: Oct 09, 2024

Attack Overview
VICTIM
EARTHWORKS Group
INDUSTRY
Construction
LOCATION
USA
ATTACKER
Sarcoma
FIRST REPORTED
October 9, 2024

Ransomware Attack on EARTHWORKS Group by Sarcoma

EARTHWORKS Group, a prominent player in the construction and environmental services sector, has recently fallen victim to a ransomware attack orchestrated by the newly emerged cybercriminal group known as "Sarcoma." This incident highlights the growing threat landscape faced by organizations across various industries.

About EARTHWORKS Group

Established in 1996 and headquartered in Murrells Inlet, South Carolina, EARTHWORKS Group is a multifaceted consulting firm specializing in engineering, architecture, environmental management, and construction management services. With over 10,000 projects completed and a team of more than 29 professionals, the company has built a strong reputation for delivering comprehensive solutions to both public and private sector clients. Their expertise spans federal, municipal, commercial, residential, institutional, industrial, and environmental projects, with a notable focus on sustainable practices and regulatory compliance.

Attack Overview

The ransomware attack on EARTHWORKS Group was claimed by Sarcoma on their dark web leak site. This group has quickly gained notoriety for its aggressive tactics and significant data breaches, targeting over 30 organizations across various industries. The attack on EARTHWORKS Group underscores the vulnerabilities faced by companies operating in sectors with complex regulatory environments and extensive data handling requirements.

About Sarcoma Ransomware Group

Sarcoma is a recently emerged ransomware group that has distinguished itself through its aggressive approach and focus on data exfiltration. The group employs a double extortion strategy, encrypting files and threatening to leak sensitive information if ransom demands are not met. Sarcoma's operations are characterized by a lack of publicly listed ransom amounts, instead leveraging data leaks as a primary means of coercion. Their darknet presence serves as a platform to list victims and provide evidence of stolen data, promoting themselves as a means to highlight poor security practices among organizations.

Potential Vulnerabilities

EARTHWORKS Group's extensive involvement in diverse projects and sectors may have contributed to its vulnerability to cyberattacks. The company's reliance on digital infrastructure for project management and regulatory compliance could have provided entry points for Sarcoma's ransomware. The attack serves as a reminder of the critical importance of cybersecurity measures, particularly for organizations handling sensitive data across multiple sectors.

Sources

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

1
2
3
Let's get started
1
1
2
3
1
1
2
2
3
Back
Next
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.