[BreachExchange] Mattel admits it was hit by a ransomware attack

Thu Nov 5 10:53:47 EST 2020

https://www.itpro.co.uk/security/ransomware/357651/mattel-hit-by-ransomware-attack

Toy manufacturer Mattel has admitted that it was hit by ransomware
attack that temporarily impacted some of its business functions but
did not lead to any data theft.

The Barbie manufacturer, which is also behind brands as Fisher-Price
and Hot Wheels, disclosed that the ransomware attack had taken place
on 28 July 2020.

In a quarterly report filed with the US Securities and Exchange
Commission, Mattel revealed that the ransomware attack “caused data on
a number of systems to be encrypted”.

What is ransomware?
Maze ransomware gang retires from cyber crime
Ryuk behind a third of all ransomware attacks in 2020

“Promptly upon detection of the attack, Mattel began enacting its
response protocols and taking a series of measures to stop the attack
and restore impacted systems. Mattel believes it has contained the
attack and, although some business functions were temporarily
impacted, Mattel was able to restore its critical operations," the toy
manufacturer stated in the legal document.

Mattel added that a forensic investigation of the attack found that
“no exfiltration of any sensitive business data or retail customer,
supplier, consumer, or employee data was identified” and that the
incident had “no material impact to Mattel's operations or financial
condition”.

Although the company didn’t provide any further details on the nature
of the attack, a source told Bleeping Computer that the July incident
could have been caused by Trickbot malware, which has since been
disrupted by Microsoft.

The tech giant had pulled the plug on Trickbot by obtaining a court
order to disable Trickbot’s servers’ IP address as well as
collaborated with telecoms worldwide to initiate technical actions to
further cripple the botnet.

Trickbot had experienced a resurgence during the 2020 pandemic, taking
advantage of the ongoing coronavirus crisis to trick users into
downloading malware onto their devices.

In April, Microsoft 365 Security corporate VP Rob Lefferts described
Trickbot as “trendy and pervasive”, while Microsoft Security
Intelligence warned that hackers were posing as the “USA Volunteer
Organization” and the “USA Humanitarian Group” while sending out
hundreds of emails offering free COVID-19 medical advice and testing.
Each email aimed to install the Trickbot malware using “unique
macro-laced” document attachments.

Prior to this, the TrickBot trojan had been named the most dangerous
threat to healthcare in 2019.

IT Pro has reached out to Mattel for comment but has not heard back
from the toy manufacturer at the time of publication.