After Colonial Pipeline and the Irish health system, another large organization has suffered a ransomware attack, in which the computer devices are conquered by a criminal group, which demands the payment of a ransom in exchange for their return.
This time it was the turn of Bose, a company specializing in the production of audio equipment, which notified the fact last May 19, with a letter sent to the US Attorney General’s office in New Hampshire: in document, published by Bleeping Computer and confirmed by the same company, it is learned that the attack was discovered on 7 March and that “the incident management protocols were immediately activated, containing it and strengthening the security measures”. Furthermore, “we have not paid any ransom”, the company said, which would therefore be able to regain control of its infrastructure without having to give in to the demands of the attackers, who are still unknown.
As explained by Bose itself to the authorities, the emergency would have been managed thanks to the help of forensic experts and IT experts, who allowed the systems to be restored, precisely without giving in to blackmail. In the analysis, carried out to ascertain the origin of the virus, it was found that cybercriminals have stolen the information of some employees and former employees (6 in total) who were informed by the same company, which offered them 12 months of assistance to prevent misuse of that information, including personal data and social security numbers. Contacted by Italian Tech, the company did not immediately comment.
the list
50 people from the Italian cybersecurity to follow. And it doesn’t stop there
by Arthur of Corinth
Forensic analysis
Immediately after the incident, Bose requested that the Web and the so-called Dark Web, the IT infrastructure that allows the anonymity of those who surf, were scanned for signs of data leaks, increasingly common even in the case of ransomware attacks. The use of information stolen from companies, even if the purpose of the attack is only to interrupt its operation, is increasingly common by criminals, who may want to exert public pressure against the victim, in order to push her to pay the ransom as soon as possible: “Bose has not received any signal from monitoring activities or from employees that any information has been illegally shared,” reads the letter, which also announces the involvement of federal authorities to conduct the investigation.
Among the measures taken in response to the emergency, Bose has reset passwords for all employees and isolated the compromised files used to spread the virus infection.
.