BreachExchange mailing list archives
Ransomware group said to be publishing freight forwarding firm's data Featured
From: Destry Winant <destry () riskbasedsecurity com>
Date: Tue, 24 Mar 2020 09:19:02 -0500
https://www.itwire.com/security/ransomware-group-said-to-be-publishing-freight-forwarding-firm-s-data.html

The group behind a Windows ransomware attack on Australian freight forwarding and logistics firm Henning Harders has started publishing data from the company which was stolen during the attack, security sources have told iTWire.

The ransomware in question is believed to be Maze, though Henning Harders was unable to confirm this when asked.

A Henning Harders spokesperson told iTWire: "No, we have not confirmed this and do not propose to comment on the specifics, particularly while our forensic review is underway."

Asked whether the company had paid the ransom as it was now saying on its website that things were back to normal, the spokesperson said: "It does not follow that because a company remains fully operational despite a cyber incident that a ransom has been paid.

"Henning Harders has remained operational throughout although, as a precautionary measure, was operating at limited capacity from Sunday 15 March – Wednesday 18 March when full operations were restored."

The attack was noticed by the company on 15 March, after which it posted an undated notice on its website, with the legend "March 2020" at the top.

The security sources said the way the Maze group worked was to initially name the company and then, if payment was not received, to publish a small amount of the company's data as proof that it was really the group behind the intrusion.

The group was also known to publish this information on Russian cyber crime forums with a note to, "Use this information in any nefarious ways that you want", the sources added.

The data collected from a company was, at times, used for phishing. At other times it was sold or published with the express purpose of ruining the reputation of the firm in question.

Identity fraud was another avenue which the Maze group was involved in, the security sources said.

Any claims made by the group would have to be taken with a pinch of salt, the sources cautioned, as they were a criminal enterprise.

Asked why Henning Harders had Windows systems facing the Internet despite the enormous number of ransomware attacks on this operating system, the company spokesperson replied: "Henning Harders takes the security of its data extremely seriously. We constantly update our policies and procedures in this regard. In light of this sophisticated attack, we have taken further steps to buttress our systems."

Asked how big Henning Harders was in the freight forwarding and logistics market in ANZ, the spokesperson did not provide a direct answer, instead saying: "Henning Harders is a locally owned, family operated business with offices in Australia and New Zealand."