Cyber ​​attack by construction consultant Was public works data stolen?

Oriental Consultants Co., Ltd., a construction consulting company that undertakes construction management of public works projects from local governments nationwide, has revealed that there is a risk that business-related data may have been stolen due to a cyberattack caused by a ransom-demanding virus.

According to Oriental Consultants, on the 15th and 19th of this month, multiple servers including group companies were attacked by a cyber attack by a ransomware virus, and most of the stored data was encrypted and the data was stored. It means that it may have been stolen.

Oriental Consultants undertakes a wide range of planning and construction management of public works projects such as infrastructure development and disaster prevention from local governments nationwide.

According to Ichikawa City, Chiba Prefecture, the company reports that this cyber attack may have leaked materials related to the city's river embankments, survey data for town development, and a list of participants in tourism promotion workshops. It means that I received it.

According to the Ministry of Internal Affairs and Communications, there is a report that business-related data entrusted to this consultant company may have been leaked from multiple local governments nationwide, and we are collecting information.

According to the people concerned, the attack was probably caused by the hacker group "LockBit 2.0", which is currently causing a lot of damage in the world.

The company has set up a countermeasures headquarters and commented, "We deeply apologize for the inconvenience and concern that we have caused to all concerned parties."

What is the hacker group "LockBit 2.0"?

According to Takashi Yoshikawa of Mitsui Bussan Secure Direction, an information security company familiar with ransomware attacks, "LockBit 2.0" is a group of hackers who carry out cyber attacks using ransomware, a ransomware virus.

After the activity was first confirmed in September, the name was changed to "2.0" in June to activate the activity, and now there are more than 30 hacker groups using ransomware in the world. Among them, the most damage has been confirmed.

Invaded the network of the target organization in advance through a core server etc., stole the data, encrypted it, and threatened to publish the stolen data without paying the ransom, and made an attack statement on the homepage created on the dark site And so on.