Cyber Incident Victim: Laganscg

On February 13, 2023, the LockBit ransomware group publicly listed the Lagan Specialist Contracting Group (SCG), a Belfast-based construction and aviation firm, on its dark web leak site following a confirmed cyber incident. The attackers issued a ransom demand with a deadline of February 28, threatening to publish or sell sensitive company data if unpaid. While Lagan SCG did not disclose the exact ransom figure, industry sources indicated it was likely in the six-figure range, correlating with the company’s £100 million-plus annual turnover in 2022. The incident followed LockBit’s established double extortion tactics—encrypting files while separately threatening data leaks—though Lagan SCG maintained business operations continued normally across its offices in Ireland, Britain, the U.S., and Dubai. The group operates a ransomware-as-a-service model, often initiating attacks through phishing to deploy malware.

Lagan SCG concluded its internal investigation, notified the Police Service of Northern Ireland’s cyber-crime unit, and communicated updates to employees and clients. The company acknowledged the growing prevalence of such attacks and committed to implementing enhanced security measures but did not confirm whether a ransom was paid. Industry experts noted that approximately 80% of targeted UK firms pay ransoms, citing recent examples like Dublin-based Ion Trading, which reportedly received a decryption key after payment. Private cybersecurity consultants and insurance firms increasingly led incident response efforts due to limited law enforcement resources. The PSNI did not publicly comment on the case. LockBit’s leak site concurrently featured unresolved negotiations with Royal Mail, revealing demands for $80 million, contrasting with Lagan SCG’s unresolved status as of the article’s publication date.