New River Electrical notifies 10K people of data breach claimed by ransomware gang

New River Electrical Corporation, an electrical construction company from Virginia, this week confirmed it notified 9,845 people of an April 2024 data breach.

Ransomware gang BlackLock in August claimed responsibility for the breach, saying it stole 2.44 TB of confidential data.

New River has not verified BlackLock’s claim, and has not publicly disclosed what data was compromised. The company is offering victims free credit monitoring and identity restoration services via Equifax, which implies the attackers stole Social Security numbers and/or other sensitive data that could be used for identity theft.

We do not yet know whether New River paid a ransom, how much BlackLock demanded, or how attackers breached New River’s network. Comparitech contacted New River for comment and will update this article if it responds.

“On May 6, 2024, New River identified indications of potential system encryption due to a sophisticated cyber-attack by an unknown actor,” New River’s notice to customer states. “Through our investigation, we determined that the unknown actor gained access to certain systems between April 30, 2024, and May 6, 2024, and certain data on those systems was potentially viewed and downloaded.”

Who is BlackLock?

BlackLock, formerly known as El Dorado, sells ransomware-as-a-service to affiliates who use its malware and infrastructure to launch attacks and collect ransoms.

BlackLock has claimed nine confirmed ransomware attacks since it first surfaced in the mid-2023. It claimed another 42 unconfirmed attacks that weren’t acknowledged by victims.

BlackLock’s other recent targets include the city of Aberdeen, WA; accounting firm Howard, Howard, and Hodges; and the city of Pensacola, FL.

Ransomware attacks on US construction

Ransomware attacks on US construction companies can cause costly delays and downtime by locking down computer systems used for everything from communications to payroll and file storage. If the company refuses to pay the ransom, then it could spend months restoring systems and put data subjects at higher risk of fraud.

Comparitech researchers logged 22 confirmed ransomware attacks on US construction companies so far in 2024, exceeding last year’s total of 21. This year’s attacks compromised 54,298 records, compared to 73,941 in 2023.

Other such attacks in recent months include English Construction Company, which was breached by Lynx in September 2024, and Dome Construction, which was hit by Play ransomware in October 2024.

About New River Electrical Corporation

New River Electrical Corporation is an employee-owned electrical construction company in Ohio and Virginia. It employs more than 1,800 people.