REvil Ransomware Operators Breached T-O Engineers, a Leading American Civil Engineering Organization

The REvil ransomware operators recently struck T-O Engineers and downloaded sensitive and confidential data from their database system.

T-O Engineers was founded in 1984 and is a full-service civil engineering firm with a dynamic team of over 130 talented professionals across Idaho, Washington, Wyoming, and Utah. With decades of experience providing quality consulting, planning, and engineering services throughout the Pacific Northwest and Mountain West, T-O Engineers offers the level of expertise and network of contacts expected from a large firm while providing the responsive, personalized service expected from a local company. They work to understand their customers' goals and projects, and then deliver the service that helps those projects succeed.

The REvil ransomware operators published a blog post announcing the company's data leak, as shown below:

The Cyble Research Team has verified the data leak of around 60GB. The leak includes multiple financial documents, such as financial statements, bank reconciliation statements, audit reports, payroll records, and many more. It also includes sensitive information such as login details for online banking, tax commissions, and many more. Below are snapshots of the home folders and a few of the sensitive files leaked by REvil:

Snapshot of T-O Engineers payroll record
Snapshot of T-O Engineers' login details for multiple websites
Financial statements of T-O Engineers

About Cyble:

Cyble Inc.’s mission is to provide organizations with a real-time view of their supply chain cyber threats and risks. Their SaaS-based solution, powered by machine learning and human analysis, gives organizations insight into cyber threats introduced by suppliers and enables them to respond faster and more efficiently.

Cyble strives to be a reliable partner and facilitator to its clients, providing them with unprecedented security scoring of suppliers through cyber intelligence sourced from open and closed channels such as OSINT, dark web and deep web monitoring, and passive scanning of internet presence. Furthermore, this intelligence, combined with machine learning capabilities and human analysis, allows clients to gain real-time cyber threat intel and helps them build better and stronger resilience to cyber breaches and hacks. Due to the nature of the collected data, the company also offers threat intelligence capabilities out of the box to its subscribers.
