Montrose Environmental Group Inc. of North Little Rock announced late Tuesday that it was the victim of a ransomware attack by “highly sophisticated bad actors” but does not expect the attack to cause a major disruption.
The publicly traded firm helps its business clients understand, measure and manage their environmental footprint or risk.
The attack occurred over the weekend, and it mostly affected computers and servers within its Enthalpy Analytical laboratory network. Montrose does not believe the attack affected backed up data or cloud-based enterprise systems, including email.
The company said it immediately suspended all affected systems; notified law enforcement; activated its global network of IT professionals and data recovery and continuity protocols; and engaged third-party experts in response.
Montrose expects delays in certain lab results. It said it is notifying clients of any impact the attack may have on them and is working to restore all affected systems as soon as possible.
If the investigation shows that third-party data or information has been affected, the company plans to notify the affected third parties and appropriate regulatory bodies.
“Though we anticipate limited impact and rapid recovery from the attack, we are closely monitoring our networks with third-party security experts, and circumstances may change as we learn more about the incident,” a statement from the firm reads. “We offer our sincere apologies to customers of our laboratories and sites that have been or may be impacted by the consequences of this sophisticated cyber attack.”
Sopisticated is also the adjective Arkansas Business Editor Lance Turner used in a recent column to describe bad actors who are perpetuting today's cyber attacks.
That column followed Senior Editor Mark Friedman's reporting on how cybercrime is on the rise and his sharing tips for how businesses of all sizes can protect themselves from ransomware and business email compromise.