[BreachExchange] US Staffing Firm Hit by Ransomware Again

Thu Sep 17 10:26:21 EDT 2020

https://www.infosecurity-magazine.com/news/us-staffing-firm-hit-by-ransomware/

One of the largest IT staffing companies in America has been hit by a
second ransomware attack in nine months.

At the start of September, Artech Information Systems disclosed a data
breach caused by a ransomware attack perpetrated between January 5 and
8, 2020.

Attackers deployed the ransomware three days after gaining
unauthorized access to some of the company's systems. The incident was
picked up by the company following reports of suspicious activity on
the user account of an Artech employee.

Ransomware gang REvil (Sodinokobi) presented themselves as responsible
for the attack on Artech. After apparently failing to blackmail a
ransom payment out of the company, on January 11 the gang leaked what
they claimed was 337 MB of data stolen from Artech's servers.

Now it appears that the company has been hit with ransomware for a
second time, but from a different source.

The profitable business, which brought in around $810m in annual
revenue last year, is among the victims listed on the website of the
threat group MAZE.

Along with the announcement of the alleged hack, MAZE has uploaded a
zip file of data it claims to have stolen from Artech.

Commenting on the alleged second ransomware attack, Emsisoft threat
analyst Brett Callow told Infosecurity Magazine: "It’s not uncommon to
see companies hit for a second time, and sometimes by a different
ransomware group. In some cases, this will simply be coincidence. In
other cases, it’s likely that the network was backdoored during the
initial attack and the backdoor was subsequently sold or traded to
whichever group carried out the second attack."

Callow added that it was absolutely critical for any company hit by
ransomware to take appropriate action to remediate the incident.

"Failing to do so can result in a second attacker's maintaining a
foothold in the network, monitoring communications, continuing to
exfiltrate data, and encrypting it for a second time," said Callow.

Artech is a privately-held firm that provides government services,
workforce and staffing solutions, and program management. It employs
over 10,500 staff and consultants across the United States, Canada,
China, and India.