
Cyber Incident Victim: Montrose Environmental Group

Date: Jun 2022

Location: United States of America

Summary

A ransomware attack targeted Montrose Environmental Group's laboratory network, disrupting testing services and causing delays in delivering certain lab results. The company described the incident as involving highly sophisticated threat actors, prompting collaboration with law enforcement and cybersecurity experts to suspend affected systems and initiate remediation. While cloud-based enterprise systems and backups remained unaffected, restoration efforts were prioritized to minimize service interruptions. The organization anticipated limited operational impact and committed to notifying clients and regulatory bodies if third-party data access was identified during the ongoing investigation.


Description

Montrose Environmental Group, a US-based environmental services provider headquartered in Arkansas, experienced a ransomware attack during the weekend preceding June 14, 2022. The intrusion primarily impacted computers and servers within the Enthalpy Analytical laboratory network, a subsidiary operating 11 environmental testing facilities across the United States. Upon detecting the incident, Montrose immediately suspended affected systems to contain the threat and initiated remediation efforts involving internal and external IT and cybersecurity experts. The company notified law enforcement agencies and characterized the attackers as "highly sophisticated bad actors" based on the attack's nature and consultations with cybersecurity professionals and authorities. While Montrose confirmed disruptions to laboratory testing services for air, soil, water, and toxic substance analysis, it maintained that backup data and cloud-based enterprise systems—including email—remained unaffected by the compromise.

The incident caused delays in delivering certain laboratory test results from the Enthalpy business unit, though Montrose stated it did not anticipate major disruptions to its broader service portfolio, which included leak detection, soil remediation, biogas solutions, and advisory services across 80 global locations. The company began notifying clients about potential delays while continuing restoration efforts for impacted systems. Montrose emphasized that if investigations revealed unauthorized access to third-party data, affected entities and regulatory bodies would receive notifications. Despite expressing confidence in a rapid recovery with limited operational impact, the organization acknowledged that evolving investigation findings could alter its initial assessment of the incident's consequences. No further details regarding ransom demands, payment status, or data exfiltration were disclosed in the initial public statement.
