Security Market Segment LS
Thursday, 17 September 2020 07:25

Gang uses Windows ransomware to hit IT staffing company Artech twice

Gang uses Windows ransomware to hit IT staffing company Artech twice Image by Gerd Altmann from Pixabay

Cyber criminals who breached the infrastructure of the American IT staffing company Artech Information Systems and then used the Windows REvil ransomware, which is also known as Sodinokibi, to encrypt files on-site, appear to have staged a second attack on the same firm using the Maze ransomware and released all the data that they stole in the second attack on a dark web site.

The first breach appears to have taken place on 8 January and came to light through the draft of a notice sent to affected parties by the company. It was published online by the website Bleeping Computer that specialises in reporting about ransomware.

iTWire wrote to Artech on Sunday, seeking further information about the January breach but has not heard back as yet. [A partial screenshot of the list of data files leaked after the second breach can be seen below]. 

In the notice sent to customers, Artech's Eric Szoke said that the company had been told of unusual activity on a user's account and found that ransomware had been deployed on certain systems.

A third-party forensics firm was hired to investigate and by 15 January it was determined that an attacker had gained access to some systems between 5 January and 8 January.

artech infoA review was then conducted and completed around 25 June, Szoke wrote, adding that some of the files that were tampered with contained information relevant to the person addressed in the notice.

Bleeping Computer said it had been aware of the leak on 11 January when the REvil gang leaked 337MB of files said to have been stolen from Artech's servers.

In a second notice, dated 4 September, Artech detailed the kind of information that had been stolen.

"The investigation determined that at the time of the incident the involved files may have contained information including name, Social Security number, medical information, health insurance information, financial information, payment card information, driver’s license/state identification number, government-issued identification number, passport number, visa number, electronic/digital signature, username and password information," it said.

A private firm, Artech says it had annual revenue of US$810 million in 2019. It has more than 10,500 employees and consultants across 40 US states, Canada, India, and China and has its headquarters in New Jersey.

Contacted for comment. iTWire's regular commentator on ransomware attacks, Brett Callow, who works for the New Zealand-headquartered security firm Emsisoft, said: "In cases like this, the second attack may or may not be related to the initial attack. The company could have simply had very bad luck ('To lose one parent, Mr. Worthing......').

"Or it could be the case that the initial attacker installed a backdoor enabled the second attack. The fact that different ransomware was used in each attack does not eliminate this possibility. Both REvil and Maze operate on an affiliate basis and the affiliates - which will typically own backdoors - may work for multiple groups."

Subscribe to ITWIRE UPDATE Newsletter here

Active Vs. Passive DWDM Solutions

An active approach to your growing optical transport network & connectivity needs.

Building dark fibre network infrastructure using WDM technology used to be considered a complex challenge that only carriers have the means to implement.

This has led many enterprises to build passive networks, which are inferior in quality and ultimately limit their future growth.

Why are passive solutions considered inferior? And what makes active solutions great?

Read more about these two solutions, and how PacketLight fits into all this.


WEBINAR INVITE 8th & 10th September: 5G Performing At The Edge

Don't miss the only 5G and edge performance-focused event in the industry!

Edge computing will play a critical part within digital transformation initiatives across every industry sector. It promises operational speed and efficiency, improved customer service, and reduced operational costs.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

But these technologies will only reach their full potential with assured delivery and performance – with a trust model in place.

With this in mind, we are pleased to announce a two-part digital event, sponsored by Accedian, on the 8th & 10th of September titled 5G: Performing at the Edge.


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News