Verint Victimized By Ransomware

Published Apr 18, 2019 16:08 PM

Verint, which is best known in the physical security industry for video surveillance but has built a sizeable cybersecurity business as well, was infected with malware, the company confirmed to IPVM.

In this note, based on our research and discussion with Verint, we look at the following questions:

  • Who is affected?
  • What was the ransomware and how does it work?
  • What is being done to address the current issue?
  • What is being done to ensure it will not happen again?

****** ********* ** **** **** ***** was * ******* ********, ************* ***** published ******* **** ******* **** **************,*********, *********. ***** ******* ******* * ****** demand ** ******** ** *******.

*** ** ** **** * **-****-*** company **** * ****** ***** ** cybersecurity *** ******** **** *******?

Input **** ******

****** ******* ********* *** ****** ********, was "*********" *** **** ****** **** back ** "******":

*** ****** *** ********** *****, ********* quickly, *** ** *** **** ** normal **********.

The ********** ***-**

********* ** *** ********* *******, * snapshot ** * ******** ****** ***** circulating ****** ** ***** ****. *** warning **** **** "***** ** ********* a ******** ***** ********* *** ** premise *****," ****** ********* ** **** off ***** ********* *** ******* *** IT ******** ** **** *** * ransomware ***-**, ** ***** *****:

Ransomware ****

*** ****** ********* **** ***** ******* *** *** ransomware **** *** **** ** ****** is ****** **** *** ********** **** North *****:

******************* **** ************ *:

******** *** ******** ******* ***********, ***** encrypting ******** ** **, ******* *** data ******* ** **** ******** *******.

** **** *** **** *** ********** is *******, **** ****** *** ********** targeted, ** ********** ********:

**** ** **** *********** *** ******** attacks. ** ****, *** ********** ****** is ************* ***** *** *****-***** **********, such **** **** ******* ****** *** resources *** ******** ** **** ******** network **** *** ********* *** ************ carried *** ******** ** *** *********.

****** **** *** ********** ****** ***** to ******* *********:

******* ***** *** **** ******* ** a *********, ********* ** *** ******* of ******* ** ******’* ********. ** the ******* ** ******* ** ** Windows ****, *** **** ** ******* in *** ********* “\********* *** ********\******* User\”, ********* ** ** ******* ** “\users\Public\”.

Who *** ********?

********* ** *** *****-********* *******, *** ransomware ******** *** ******-***** ****** ** Verint. ****** ** ************* ** *** York *** ******* **** ******* ********** *** ********, and *** **** *** **** *******.

****'* ********* ** ****** ***** ******* or *** ***** ******* **** ******** or ******* ** *** *** ****** customers **** ******** **** *** **** addressed.

****** ** * ***** ************ **** a *** ***** ** **** ***** in *** ********** **** *** "***** Verint" ******* ** ****** ******* ** ***** ****:

What ****** *** ****

********* ******* *** ** **** **** Verint's ***** ********* ** ****, ********* stating **** ****** **** *** ****** was******** *****, ******** **** ***** *** the ****** *** "********"** **** *****:

*******, ***** **** ******* ** ** to *** **** *** ****** *** "fierce" ** ****** *** **** "******" was **** ** ******'* *******:

***** ******* ****** *** *** ** the ********* ******* **** ******** ******* on *** ****** ** ******,*** ***** ** *** ****** ***** the ******** ********* ** ****** ** disclose*** ****** ** ************. **** * disclosure ***** ** ******** ** *** company's **********:

*** ******** ***** ***** *** *******'* stock *********** ** *********** ********* ** this ****:

Revenue - ***** ************ ** *************

***** ****** ********* ** ****** ************ to ***** ************ ***** (***** ** its ****** ********* *** ******** ****), the ******* *** ****************** * ************* ********

** * ******* *****, ***** ************ revenue ** $***+ ******* ********, ** the ******* ********* **** *** *****:

****** ******* ******** *** ***** ************ related ******* * *** ***** **** and ** **** **** ** *** in *** $*** ******* *****.

Guarding ******* ****** *********

****** *** *** ******* ** ****'* questions ***** **** ** ***** **** to ****** **** ** ****** **** not ****** *****.

Comments (4)
Undisclosed Integrator #1
Apr 18, 2019

*'* * ****** ******* **** *** warning ***** ** "* ********** *** up". ********* ** ********** *********, **** **** ****** ****** ***** in **** ***** ***** *********.

Dan Gelinas
Apr 18, 2019
IPVM

***** **#*. *** *** ** *** term "********** ***-**" *** ***** ** Verint's ******* ** *** ********* ******** them **** ** **. ** ***, Verint *** **** ************ ** ******* questions ****** *** ***** ********* ****** in *** *****. * **** *** them ** ********* ***** ** **** observation *** **** ****** ****/** * hear **** **** ****.

Pavel Grozdov
Apr 18, 2019

*****, * ****** **** **** ***** they *** **********. * **** ** work ** ** ** * ****** Admin *** *** *** **** * Crytolocker ***** **** ** *** *** when **** **** ***. *’** **** very ******* ** ** ******** *** Backup ***** ****.

** ***’** ******* ** ******* **** servers, **’* *** ******* * ***** recommend **** ** ** ********* (*** only ******* *** *** ************ ****** VB100 ***** *** ***** ************) *** use * ******** *** **** ***** Active ****** *** ******** *****, ********* it’s **** *** ** ******** **** based *******, ********* *** **** ************* (saves ** ******* ** **% *** me).

 

Undisclosed #2
Apr 20, 2019

******... /********, *** ***** **** ***** APT's ** ***** ********** ** ** was ********* ******** ********.

*** * **** ***** ****** ** those *** ******** ***** **** ************/*********...**** those **** *** ****. **** *** used **** *****.
