Verint Victimized By Ransomware
Verint, which is best known in the physical security industry for video surveillance but has built a sizeable cybersecurity business as well, was infected with malware, the company confirmed to IPVM.
In this note, based on our research and discussion with Verint, we look at the following questions:
- Who is affected?
- What was the ransomware and how does it work?
- What is being done to address the current issue?
- What is being done to ensure it will not happen again?
****** ********* ** **** **** ***** was * ******* ********, ************* ***** published ******* **** ******* **** **************, *********, *********. ***** ******* ******* * ****** demand ** ******** ** *******.
*** ** ** **** * **-****-*** company **** * ****** ***** ** cybersecurity *** ******** **** *******?
Input **** ******
****** ******* ********* *** ****** ********, was "*********" *** **** ****** **** back ** "******":
*** ****** *** ********** *****, ********* quickly, *** ** *** **** ** normal **********.
The ********** ***-**
********* ** *** ********* *******, * snapshot ** * ******** ****** ***** circulating ****** ** ***** ****. *** warning **** **** "***** ** ********* a ******** ***** ********* *** ** premise *****," ****** ********* ** **** off ***** ********* *** ******* *** IT ******** ** **** *** * ransomware ***-**, ** ***** *****:
Ransomware ****
*** ****** ********* **** ***** ******* *** *** ransomware **** *** **** ** ****** is ****** **** *** ********** **** North *****:
******************* **** ************ *:
******** *** ******** ******* ***********, ***** encrypting ******** ** **, ******* *** data ******* ** **** ******** *******.
** **** *** **** *** ********** is *******, **** ****** *** ********** targeted, ** ********** ********:
**** ** **** *********** *** ******** attacks. ** ****, *** ********** ****** is ************* ***** *** *****-***** **********, such **** **** ******* ****** *** resources *** ******** ** **** ******** network **** *** ********* *** ************ carried *** ******** ** *** *********.
****** **** *** ********** ****** ***** to ******* *********:
******* ***** *** **** ******* ** a *********, ********* ** *** ******* of ******* ** ******’* ********. ** the ******* ** ******* ** ** Windows ****, *** **** ** ******* in *** ********* “\********* *** ********\******* User\”, ********* ** ** ******* ** “\users\Public\”.
Who *** ********?
********* ** *** *****-********* *******, *** ransomware ******** *** ******-***** ****** ** Verint. ****** ** ************* ** *** York *** ******* **** ******* ********** *** ********, and *** **** *** **** *******.
****'* ********* ** ****** ***** ******* or *** ***** ******* **** ******** or ******* ** *** *** ****** customers **** ******** **** *** **** addressed.
****** ** * ***** ************ **** a *** ***** ** **** ***** in *** ********** **** *** "***** Verint" ******* ** ****** ******* ** ***** ****:
What ****** *** ****
********* ******* *** ** **** **** Verint's ***** ********* ** ****, ********* stating **** ****** **** *** ****** was ******** *****, ******** **** ***** *** the ****** *** "********" ** **** *****:
*******, ***** **** ******* ** ** to *** **** *** ****** *** "fierce" ** ****** *** **** "******" was **** ** ******'* *******:
***** ******* ****** *** *** ** the ********* ******* **** ******** ******* on *** ****** ** ******, *** ***** ** *** ****** ***** the ******** ********* ** ****** ** disclose *** ****** ** ************. **** * disclosure ***** ** ******** ** *** company's **********:
*** ******** ***** ***** *** *******'* stock *********** ** *********** ********* ** this ****:
Revenue - ***** ************ ** *************
***** ****** ********* ** ****** ************ to ***** ************ ***** (***** ** its ****** ********* *** ******** ****), the ******* *** ****************** * ************* ********
** * ******* *****, ***** ************ revenue ** $***+ ******* ********, ** the ******* ********* **** *** *****:
****** ******* ******** *** ***** ************ related ******* * *** ***** **** and ** **** **** ** *** in *** $*** ******* *****.
Guarding ******* ****** *********
****** *** *** ******* ** ****'* questions ***** **** ** ***** **** to ****** **** ** ****** **** not ****** *****.
***** **#*. *** *** ** *** term "********** ***-**" *** ***** ** Verint's ******* ** *** ********* ******** them **** ** **. ** ***, Verint *** **** ************ ** ******* questions ****** *** ***** ********* ****** in *** *****. * **** *** them ** ********* ***** ** **** observation *** **** ****** ****/** * hear **** **** ****.
*****, * ****** **** **** ***** they *** **********. * **** ** work ** ** ** * ****** Admin *** *** *** **** * CryptoLocker ***** **** ** *** *** when **** **** ***. *’** **** very ******* ** ** ******** *** Backup ***** ****.
** ***’** ******* ** ******* **** servers, **’* *** ******* * ***** recommend **** ** ** ********* (*** only ******* *** *** ************ ****** VB100 ***** *** ***** ************) *** use * ******** *** **** ***** Active ****** *** ******** *****, ********* it’s **** *** ** ******** **** based *******, ********* *** **** ************* (saves ** ******* ** **% *** me).
******... /********, *** ***** **** ***** APT's ** ***** ********** ** ** was ********* ******** ********.
*** * **** ***** ****** ** those *** ******** ***** **** ************/*********...**** those **** *** ****. **** *** used **** *****.
*'* * ****** ******* **** *** warning ***** ** "* ********** *** up". ********* ** ********** *********, **** **** ****** ****** ***** in **** ***** ***** *********.