Cyber Incident Victim: Sheppard Robson
Date:
Jul 2022
Location:
United Kingdom
Summary
A major UK architecture firm experienced a ransomware attack, prompting immediate network disconnection and system shutdowns to contain the breach. The organization, which maintains government-approved security protocols, detected anomalous activity and subsequently restored server access while maintaining project continuity through mitigation efforts. Refusing to pay the ransom demand, the firm involved law enforcement and initiated cybersecurity enhancements with IT specialists to counter evolving criminal tactics. Despite robust existing measures, attackers compromised the network, underscoring persistent threats to data protection in professional environments. Operational resilience was maintained through rapid response and recovery planning aimed at restoring normal business functions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On July 24, 2022, Sheppard Robson’s IT team detected unusual activity on their network, prompting an immediate response to contain a ransomware attack. The company disconnected its systems from the internet and shut down all operational systems to limit the attack’s impact. By August 5, Sheppard Robson publicly disclosed the incident, confirming it had restored server access and maintained project continuity through its team’s efforts. The firm emphasized implementing a clear recovery plan to resume normal operations, though it did not specify the duration of the disruption or the exact systems compromised. No data theft or encryption details were disclosed, but the attackers followed typical ransomware protocols by contacting the company to demand payment. Sheppard Robson refused to negotiate with the criminals and reported the incident to law enforcement authorities.
Sheppard Robson, a UK-based architecture firm founded in 1938 with nearly 400 employees, highlighted its adherence to government-approved cybersecurity procedures and certifications prior to the attack. Despite these measures, professional criminals successfully breached its network, underscoring the evolving tactics of threat actors. The company acknowledged the persistent threat landscape and committed to collaborating with IT specialists to strengthen its defenses against future attacks. This incident mirrored a 2020 ransomware attack on Zaha Hadid Architects, another prominent architecture firm that similarly refused ransom demands during the COVID-19 pandemic. Sheppard Robson did not disclose financial losses, client data exposure, or project delays but reiterated the importance of robust cybersecurity protocols in safeguarding business operations.