Amey, the UK infrastructure management company, was hit by a cyber-attack from the Mount Locker ransomware group in mid-December. This is the latest in a string of attacks targeting construction firms.
According to the Security Report website, which first published details of the attack, it was apparently a complex cyber attack. The attack appears to have started on 16 December 2020, when Mount Locker breached Amey’s computer systems.
The ransomware group then started publishing parts of Amey’s data on their leak site on or around 26 December.
Some documents published online
According to reports, the leaked documents included contracts, financial documents, confidential partnership agreements and NDAs. Plus correspondence between Amey and UK government departments and councils.
Some suggest the leak also included scans of passports, driving licenses, employment records and technical blueprints. Including blueprints of Manchester Metrolink railways.
However, the company has clarified that this incident did not impact Amey’s Defence IT environment. It added that Amey Defence data is stored separately in the Defence IT Environment.
Estimates suggest the size of the entire stolen data set is 143 GB. About half (65 GB) has now been published on the leak site.
What can Amey do?
Typically, ransomware operators start leaking data in parts when they fail to negotiate a ransom amount. Another tactic is to auction the data on the darknet if the victim refuses to pay.
Understandably, Amey is keeping tight-lipped about any ransom negotiations and are consulting leading security experts.
Amey Plc is a subsidiary of Spanish multinational Ferrovial. Amey is one of the UK’s largest infrastructure firms serving public and regulated sectors. The $2 billion company employs over 16,000 people and is heavily involved in areas of civil engineering, transportation, defence, power, and waste management.
The group behind this data breach, Mount Locker, has been known to demand multi-million dollar ransom payments from its victims in the past.
We understand the incident has been reported to the Information Commissioner’s Office (a requirement under GDPR legislation), the National Centre for Cyber Security, and the National Crime Agency.
The response from the construction sector
According to ThisWeekinFM, the security incident remained unresolved on 26 January 2021, which may mean parts of their system are still offline. The website JointWasteSolutions stated that certain garden waste collection customers are unable to make payments due to this issue. This includes residents of Surrey Heath and Woking.
However, Amey was quick to confirm to ThisWeekinFM that no residential data was at risk.
As previously highlighted on the Construction News website, major contractors Bouygues UK, Bam and Interserve all fell victim to cyber-attacks during four months in 2020. Some experts have suggested greater collaboration on security issues in the construction sector could help limit attacks.