Verint Victimized By Ransomware

By Dan Gelinas, Published Apr 18, 2019, 12:08pm EDT

Verint, which is best known in the physical security industry for video surveillance but has built a sizeable cybersecurity business as well, was infected with malware, the company confirmed to IPVM.

In this note, based on our research and discussion with Verint, we look at the following questions:

Who is affected?
What was the ransomware and how does it work?
What is being done to address the current issue?
What is being done to ensure it will not happen again?

****** ********* ** **** that ***** *** * malware ********, ************* ***** published ******* **** ******* news **************,*********, *********. ***** ******* ******* a ****** ****** ** millions ** *******.

*** ** ** **** a **-****-*** ******* **** a ****** ***** ** cybersecurity *** ******** **** malware?

Input **** ******

****** ******* ********* *** attack ********, *** "*********" and **** ****** **** back ** "******":

*** ****** *** ********** early, ********* *******, *** we *** **** ** normal **********.

The ********** ***-**

********* ** *** ********* reports, * ******** ** a ******** ****** ***** circulating ****** ** ***** 17th. *** ******* **** that "***** ** ********* a ******** ***** ********* the ** ******* *****," asking ********* ** **** off ***** ********* *** contact *** ** ******** if **** *** * ransomware ***-**, ** ***** below:

Ransomware ****

*** ****** ********* **** ***** ******* say *** ********** **** was **** ** ****** is ****** **** *** originates **** ***** *****:

******************* **** ************ *:

******** *** ******** ******* enterprises, ***** ********** ******** of **, ******* *** data ******* ** **** infected *******.

** **** *** **** and ********** ** *******, then ****** *** ********** targeted, ** ********** ********:

**** ** **** *********** for ******** *******. ** fact, *** ********** ****** is ************* ***** *** small-scale **********, **** **** only ******* ****** *** resources *** ******** ** each ******** ******* **** its ********* *** ************ carried *** ******** ** the *********.

****** **** *** ********** writes ***** ** ******* computers:

******* ***** *** **** written ** * *********, depending ** *** ******* of ******* ** ******’* computer. ** *** ******* is ******* ** ** Windows ****, *** **** is ******* ** *** directory “\********* *** ********\******* User\”, ********* ** ** created ** “\*****\******\”.

Who *** ********?

********* ** *** *****-********* reports, *** ********** ******** the ******-***** ****** ** Verint. ****** ** ************* in *** **** *** also*** **** ******* ********** the ********, *** *** EMEA *** **** *******.

****'* ********* ** ****** about ******* ** *** other ******* **** ******** or ******* ** *** any ****** ********* **** affected **** *** **** addressed.

****** ** * ***** organization **** * *** reach ** **** ***** in *** ********** **** the "***** ******" ******* of ****** ******* ** ***** site:

What ****** *** ****

********* ******* *** ** line **** ******'* ***** statement ** ****, ********* stating **** ****** **** the ****** *********** *****, ******** **** taken *** *** ****** was "********"** **** *****:

*******, ***** **** ******* go ** ** *** that *** ****** *** "fierce" ** ****** *** that "******" *** **** to ******'* *******:

***** ******* ****** *** any ** *** ********* reports **** ******** ******* on *** ****** ** damage,*** ***** ** *** Marker ***** *** ******** necessity ** ****** ** disclose*** ****** ** ************. Such * ********** ***** be ******** ** *** company's **********:

*** ******** ***** ***** the *******'* ***** *********** is *********** ********* ** this ****:

Revenue - ***** ************ ** *************

***** ****** ********* ** market ************ ** ***** surveillance ***** (***** ** its ****** ********* *** customer ****), *** ******* has ****************** * ************* ********

** * ******* *****, cyber ************ ******* ** $400+ ******* ********, ** the ******* ********* **** *** *****:

****** ******* ******** *** video ************ ******* ******* a *** ***** **** and ** **** **** it *** ** *** $100 ******* *****.

Guarding ******* ****** *********

****** *** *** ******* to ****'* ********* ***** what ** ***** **** to ****** **** ** attack **** *** ****** again.

Comments (4)

Undisclosed Integrator #1

04/18/19 06:37pm

*'* * ****** ******* what *** ******* ***** by "* ********** *** up". ********* ** ********** and******, **** **** ****** ransom ***** ** **** files ***** *********.

Dan Gelinas

IPVM | In reply to Undisclosed Integrator #1 | 04/18/19 07:44pm

***** **#*. *** *** of *** **** "********** pop-up" *** ***** ** Verint's ******* ** *** employees ******** **** **** to **. ** ***, Verint *** **** ************ to ******* ********* ****** the ***** ********* ****** in *** *****. * will *** **** ** elaborate ***** ** **** observation *** **** ****** when/if * **** **** from ****.

Pavel Grozdov

04/18/19 10:37pm

*****, * ****** **** anti ***** **** *** internally. * **** ** work ** ** ** a ****** ***** *** got *** **** * Crytolocker ***** **** ** the *** **** **** were ***. *’** **** very ******* ** ** Security *** ****** ***** then.

** ***’** ******* ** protect **** *******, **’* and ******* * ***** recommend **** ** ** Antivirus (*** **** ******* who *** ************ ****** VB100 ***** *** ***** participates) *** *** * Synology *** **** ***** Active ****** *** ******** suite, ********* **’* **** and ** ******** **** based *******, ********* *** Data ************* (***** ** average ** **% *** me).

Undisclosed #2

04/20/19 03:57am

******... /********, *** ***** keep ***** ***'* ** check ********** ** ** was ********* ******** ********.

*** * **** ***** Verint ** ***** *** wireless ***** **** ************/*********...**** those **** *** ****. Have *** **** **** since.

Read this IPVM report for free.

This article is part of IPVM's 6,651 reports, 895 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.