CannonDesign, a Major Architectural Firm, Falls Victim to Avos Locker Ransomware
CannonDesign, a renowned architectural, engineering, and consulting firm with a portfolio of high-profile projects, has confirmed an Avos Locker ransomware data breach that occurred in early 2023.
The firm is sending out data breach notifications to over 13,000 clients, informing them that hackers gained unauthorized access to its network and stole sensitive information.
The breach, which involved the Avos Locker ransomware, took place between January 19th and 25th, 2023. While CannonDesign discovered the intrusion on January 25th, the investigation into the incident wasn’t completed until May 3rd, 2024.
Stolen Data and its Impact
The investigation revealed that the threat actors behind the attack potentially accessed personal data of clients, including names, addresses, social security numbers (SSNs), and driver’s license numbers. To mitigate the risk of identity theft, CannonDesign is offering impacted individuals 24-month credit monitoring through Experian.
The Avos Locker Ransomware Attack
A spokesperson for CannonDesign confirmed that the data breach was linked to the Avos Locker ransomware attack that occurred in early 2023. The Avos Locker ransomware gang claimed responsibility for the attack on February 2nd, 2023, stating that they had stolen 5.7 TB of data, including corporate and client files.
Data Leak and Publication
After the attackers failed to extort the architectural firm, the stolen data was published online multiple times. Dunghill Leaks, a data leak site launched by the Dark Angels ransomware group, published 2 TB of data stolen from CannonDesign on September 26th, 2023.
The leaked data included a range of sensitive information, such as:
- Database dumps
- Project schematics
- Hiring documents
- Client details
- Marketing materials
- IT and infrastructure details
- Quality assurance reports
The same dataset was also published on dark web hacker forums, including ClubHydra, in February 2024. A portion of the dataset was even shared via torrent on Breached Forums in July 2024.
CannonDesign’s Response
While CannonDesign has not publicly named the cybercriminals responsible for the attack, it has confirmed that the data breach is linked to the Avos Locker ransomware attack. The firm has also stated that it is not aware of any attempted misuse of the stolen information, although the data has been published online multiple times.
Key Takeaways
This incident highlights the ongoing threat posed by ransomware attacks and the potential for data breaches to impact even large and well-established organizations. The delay in notifying clients about the breach raises concerns about CannonDesign’s response to the incident.
The publication of stolen data on multiple platforms, including dark web forums and torrent sites, underscores the need for organizations to take proactive steps to protect their data and mitigate the risks associated with ransomware attacks.
This incident serves as a reminder for all organizations to:
- Implement robust cybersecurity measures
- Regularly review and update security protocols
- Have a comprehensive incident response plan in place
- Educate employees about cybersecurity best practices
- Be prepared to respond quickly and effectively to data breaches