BlackCat/ALPHV Ransomware Victim: McDermott International, Ltd

DeepFriendLettuce

 

Summary

Concerns have been raised regarding McDermott International, a Bermuda-based company that offers engineering and construction services to the energy sector and employs more than 40,000 individuals. The company has made questionable decisions regarding its cybersecurity practices. They have chosen to engage ClownStrike, an external disaster recovery team, instead of utilizing their internal resources, leading to significant financial burdens. The internal team at McDermott seems unproductive, and their resource allocation is questionable, as they have outsourced Network Operations Center (NOC) and Security Operations Center (SOC) to Tata Consultancy Services (TCS) despite having an in-house SOC. McDermott has a long-standing relationship with ClownStrike, relying on their services since 2016, which further emphasizes their dependence on external services and associated costs.

There are plans to release confidential documents and evidence of corruption in the coming weeks. McDermott has the option to address the situation or continue relying on ClownStrike, which may not be the most effective solution. The company has invested in multiple security solutions and external services but has shown poor money management skills in the past. The author suspects corruption and questionable arrangements with companies and nations in McDermott's dealings.

The author believes McDermott's team is incompetent and may be hiding the situation from executives and staff, disguising it as network maintenance. The release of documents will expose their inadequacies and shed light on the corruption, suspicious non-disclosure agreements (NDAs), and other questionable activities.

 

 

 

Quotes

"While I don’t expect McDermott to reach out to us, and I don’t really care if they do, I must say that some companies might garner sympathy in such situations. However, in this case, it seems like McDermott’s actions warrant a closer look. We plan to release confidential documents and evidence of corruption in the coming weeks."

 

My thoughts

 

This article sheds light on the potential vulnerabilities and risks that companies face in terms of cybersecurity and resource management. It highlights the consequences of relying heavily on external services and the financial burdens it can impose. The case of McDermott International serves as a cautionary tale, emphasizing the importance of maintaining competent internal teams and making informed decisions regarding cybersecurity practices.

In the broader tech industry, this news underscores the significance of investing in robust internal capabilities and effective resource allocation to mitigate cybersecurity risks. It prompts organizations to critically evaluate their reliance on external providers and consider the potential drawbacks and costs involved.

As for the future development of this story, it is likely that the release of confidential documents and evidence of corruption will generate further scrutiny and potentially legal consequences for McDermott International. The company may face reputational damage and be forced to reevaluate their cybersecurity strategy and internal team competency. This incident could also serve as a case study for other companies, leading to increased awareness and proactive measures in addressing cybersecurity vulnerabilities.

 

Sources

 https://www.redpacketsecurity.com/alphv-ransomware-victim-mcdermott-international-ltd/


Never heard of any of these companies before. I don't think McDermott is a proper cybersecurity company either.

Specs: Motherboard: Asus X470-PLUS TUF gaming (Yes I know it's poor but I wasn't informed) RAM: Corsair VENGEANCE® LPX DDR4 3200Mhz CL16-18-18-36 2x8GB

            CPU: Ryzen 9 5900X          Case: Antec P8     PSU: Corsair RM850x                        Cooler: Antec K240 with two Noctura Industrial PPC 3000 PWM

            Drives: Samsung 970 EVO plus 250GB, Micron 1100 2TB, Seagate ST4000DM000/1F2168 GPU: EVGA RTX 2080 ti Black edition


15 hours ago, williamcll said:

Never heard of any of these companies before. I don't think McDermott is a proper cybersecurity company either.

McDermott has over 40,000 employees and provides engineering and construction solutions to the energy industry.
"Clownstrike," which is mentioned in the article a few times, is actually CrowdStrike.

I'm assuming you're joking when you state that you've never heard of Splunk, CrowdStrike, SentinelOne, Trellix/McAfee, Cisco Umbrella, Cisco AMP, Cisco IronPort, Microsoft ATP, or Tanium.


14 hours ago, DeepFriendLettuce said:

McDermott has over 40,000 employees and provides engineering and construction solutions to the energy industry.
"Clownstrike," which is mentioned in the article a few times, is actually CrowdStrike.

I'm assuming you're joking when you state that you've never heard of Splunk, CrowdStrike, SentinelOne, Trellix/McAfee, Cisco Umbrella, Cisco AMP, Cisco IronPort, Microsoft ATP, or Tanium.

god I hate tanium
