[BreachExchange] Ransomware group said to be publishing freight forwarding firm's data

Destry Winant destry at riskbasedsecurity.com
Tue Mar 24 10:19:02 EDT 2020


https://www.itwire.com/security/ransomware-group-said-to-be-publishing-freight-forwarding-firm-s-data.html

The group behind a Windows ransomware attack on Australian freight
forwarding and logistics firm Henning Harders has started publishing
data from the company which was stolen during the attack, security
sources have told iTWire.

The ransomware in question is believed to be Maze, though Henning
Harders was unable to confirm this when asked. A Henning Harders
spokesperson told iTWire: "No, we have not confirmed this and do not
propose to comment on the specifics, particularly while our forensic
review is underway."

Asked whether the company had paid the ransom as it was now saying on
its website that things were back to normal, the spokesperson said:
"It does not follow that because a company remains fully operational
despite a cyber incident that a ransom has been paid.

"Henning Harders has remained operational throughout although, as a
precautionary measure, was operating at limited capacity from Sunday
15 March – Wednesday 18 March when full operations were restored."

The attack was noticed by the company on 15 March, after which it
posted an undated notice on its website, with the legend "March 2020"
at the top.

The security sources said the way the Maze group worked was to
initially name the company and then, if payment was not received, to
publish a small amount of the company's data as proof that it was
really the group behind the intrusion.

The group was also known to publish this information on Russian cyber
crime forums with a note to, "Use this information in any nefarious
ways that you want", the sources added.

The data collected from a company was, at times, used for phishing. At
other times it was sold or published with the express purpose of
ruining the reputation of the firm in question. Identity fraud was
another avenue which the Maze group was involved in, the security
sources said.

Any claims made by the group would have to be taken with a pinch of
salt, the sources cautioned, as they were a criminal enterprise.

Asked why Henning Harders had Windows systems facing the Internet
despite the enormous number of ransomware attacks on this operating
system, the company spokesperson replied: "Henning Harders takes the
security of its data extremely seriously. We constantly update our
policies and procedures in this regard. In light of this sophisticated
attack, we have taken further steps to buttress our systems."

Asked how big Henning Harders was in the freight forwarding and
logistics market in ANZ, the spokesperson did not provide a direct
answer, instead saying: "Henning Harders is a locally owned, family
operated business with offices in Australia and New Zealand."

