Ransomware: incransom claims obrieneng.com (US) — Construction

A new ransomware incident has been publicly claimed by the Incransom group, targeting the US construction firm obrieneng.com. The claim was published on the ransomware.live leak site on June 5, 2026. While this is not a regulatory change in law, it serves as a critical threat intelligence alert under the EU Cyber Resilience Act (CRA) framework, which imposes stricter security and reporting obligations for digital products and services. The incident highlights the ongoing risk of ransomware attacks against critical infrastructure sectors, particularly construction and engineering.

Organizations in the construction, engineering, and related supply chain sectors are directly affected, especially those operating in the US or EU markets. Under the CRA, any company that manufactures or distributes software, hardware, or digital services used in these sectors must assess whether their products or services could be exploited in similar attacks. Compliance teams should also consider the potential for cross-border data exposure if the victim firm handles EU personal data.

Compliance teams should immediately verify whether their organization or its vendors have any connection to obrieneng.com or similar construction firms. They should also review their ransomware response plans, ensure that incident reporting procedures align with CRA timelines (72 hours for notifiable incidents), and conduct a risk assessment of third-party software and services used in critical operations. Proactive monitoring of ransomware leak sites and threat intelligence feeds is now essential to meet due diligence obligations under the CRA.