Verint Victimized By Ransomware

By Dan Gelinas, Published Apr 18, 2019, 12:08pm EDT

Verint, which is best known in the physical security industry for video surveillance but has built a sizeable cybersecurity business as well, was infected with malware, the company confirmed to IPVM.

In this note, based on our research and discussion with Verint, we look at the following questions:

  • Who is affected?
  • What was the ransomware and how does it work?
  • What is being done to address the current issue?
  • What is being done to ensure it will not happen again?

****** ********* ** **** that ***** *** * malware ********, ************* ***** published ******* **** ******* news **************,*********, *********. ***** ******* ******* a ****** ****** ** millions ** *******.

*** ** ** **** a **-****-*** ******* **** a ****** ***** ** cybersecurity *** ******** **** malware?

Input **** ******

****** ******* ********* *** attack ********, *** "*********" and **** ****** **** back ** "******":

*** ****** *** ********** early, ********* *******, *** we *** **** ** normal **********.

The ********** ***-**

********* ** *** ********* reports, * ******** ** a ******** ****** ***** circulating ****** ** ***** 17th. *** ******* **** that "***** ** ********* a ******** ***** ********* the ** ******* *****," asking ********* ** **** off ***** ********* *** contact *** ** ******** if **** *** * ransomware ***-**, ** ***** below:

Ransomware ****

*** ****** ********* **** ***** ******* say *** ********** **** was **** ** ****** is ****** **** *** originates **** ***** *****:

******************* **** ************ *:

******** *** ******** ******* enterprises, ***** ********** ******** of **, ******* *** data ******* ** **** infected *******.

** **** *** **** and ********** ** *******, then ****** *** ********** targeted, ** ********** ********:

**** ** **** *********** for ******** *******. ** fact, *** ********** ****** is ************* ***** *** small-scale **********, **** **** only ******* ****** *** resources *** ******** ** each ******** ******* **** its ********* *** ************ carried *** ******** ** the *********.

****** **** *** ********** writes ***** ** ******* computers:

******* ***** *** **** written ** * *********, depending ** *** ******* of ******* ** ******’* computer. ** *** ******* is ******* ** ** Windows ****, *** **** is ******* ** *** directory “\********* *** ********\******* User\”, ********* ** ** created ** “\*****\******\”.

Who *** ********?

********* ** *** *****-********* reports, *** ********** ******** the ******-***** ****** ** Verint. ****** ** ************* in *** **** *** also*** **** ******* ********** the ********, *** *** EMEA *** **** *******.

****'* ********* ** ****** about ******* ** *** other ******* **** ******** or ******* ** *** any ****** ********* **** affected **** *** **** addressed.

****** ** * ***** organization **** * *** reach ** **** ***** in *** ********** **** the "***** ******" ******* of ****** ******* ** ***** site:

What ****** *** ****

********* ******* *** ** line **** ******'* ***** statement ** ****, ********* stating **** ****** **** the ****** *********** *****, ******** **** taken *** *** ****** was "********"** **** *****:

*******, ***** **** ******* go ** ** *** that *** ****** *** "fierce" ** ****** *** that "******" *** **** to ******'* *******:

***** ******* ****** *** any ** *** ********* reports **** ******** ******* on *** ****** ** damage,*** ***** ** *** Marker ***** *** ******** necessity ** ****** ** disclose*** ****** ** ************. Such * ********** ***** be ******** ** *** company's **********:

*** ******** ***** ***** the *******'* ***** *********** is *********** ********* ** this ****:

Revenue - ***** ************ ** *************

***** ****** ********* ** market ************ ** ***** surveillance ***** (***** ** its ****** ********* *** customer ****), *** ******* has ****************** * ************* ********

** * ******* *****, cyber ************ ******* ** $400+ ******* ********, ** the ******* ********* **** *** *****:

****** ******* ******** *** video ************ ******* ******* a *** ***** **** and ** **** **** it *** ** *** $100 ******* *****.

Guarding ******* ****** *********

****** *** *** ******* to ****'* ********* ***** what ** ***** **** to ****** **** ** attack **** *** ****** again.

Comments (4)

I'm a little curious what the warning means by "a ransomware pop up". According to Checkpoint and Sophos, Ryuk just leaves ransom notes in text files after operating.

Agree
Disagree
Informative: 1
Unhelpful
Funny

Hello UI#1. Our use of the term "ransomware pop-up" was based on Verint's message to its employees advising them what to do. So far, Verint has been unresponsive to further questions beyond the brief statement quoted in the story. I will ask them to elaborate based on your observation and will update when/if I hear back from them.

Agree
Disagree
Informative: 1
Unhelpful
Funny

Hmmmm, I wonder what anti virus they use internally. I used to work in IT as a System Admin and got hit with a Crytolocker Virus back in the day when they were new. I’ve been very focused on IT Security and Backup since then.

If you’re looking to protect your servers, VM’s and clients I would recommend ESET as an Antivirus (the only company who has consistently passed VB100 tests and still participates) and use a Synology NAS with their Active Backup for Business suite, amazingly it’s free and it supports byte based backups, snapshots and Data Deduplication (saves an average of 25% for me).

 

Agree
Disagree
Informative: 4
Unhelpful
Funny

Verint... /facepalm, you gotta keep those APT's in check especially if it was attacking internal machines.

All I know about Verint is those old wireless Smart Site transmitters/receivers...glad those days are over. Have not used them since.

Agree
Disagree
Informative: 1
Unhelpful
Funny: 1
Read this IPVM report for free.

This article is part of IPVM's 7,092 reports and 940 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now
Loading Related Reports