Verint Victimized By Ransomware

Published Apr 18, 2019 16:08 PM

Verint, which is best known in the physical security industry for video surveillance but has built a sizeable cybersecurity business as well, was infected with malware, the company confirmed to IPVM.

In this note, based on our research and discussion with Verint, we look at the following questions:

  • Who is affected?
  • What was the ransomware and how does it work?
  • What is being done to address the current issue?
  • What is being done to ensure it will not happen again?

****** ********* ** **** **** ***** was * ******* ********, ************* ***** published ******* **** ******* **** **************,*********, *********. ***** ******* ******* * ****** demand ** ******** ** *******.

*** ** ** **** * **-****-*** company **** * ****** ***** ** cybersecurity *** ******** **** *******?

Input **** ******

****** ******* ********* *** ****** ********, was "*********" *** **** ****** **** back ** "******":

*** ****** *** ********** *****, ********* quickly, *** ** *** **** ** normal **********.

The ********** ***-**

********* ** *** ********* *******, * snapshot ** * ******** ****** ***** circulating ****** ** ***** ****. *** warning **** **** "***** ** ********* a ******** ***** ********* *** ** premise *****," ****** ********* ** **** off ***** ********* *** ******* *** IT ******** ** **** *** * ransomware ***-**, ** ***** *****:

Ransomware ****

*** ****** ********* **** ***** ******* *** *** ransomware **** *** **** ** ****** is ****** **** *** ********** **** North *****:

******************* **** ************ *:

******** *** ******** ******* ***********, ***** encrypting ******** ** **, ******* *** data ******* ** **** ******** *******.

** **** *** **** *** ********** is *******, **** ****** *** ********** targeted, ** ********** ********:

**** ** **** *********** *** ******** attacks. ** ****, *** ********** ****** is ************* ***** *** *****-***** **********, such **** **** ******* ****** *** resources *** ******** ** **** ******** network **** *** ********* *** ************ carried *** ******** ** *** *********.

****** **** *** ********** ****** ***** to ******* *********:

******* ***** *** **** ******* ** a *********, ********* ** *** ******* of ******* ** ******’* ********. ** the ******* ** ******* ** ** Windows ****, *** **** ** ******* in *** ********* “\********* *** ********\******* User\”, ********* ** ** ******* ** “\users\Public\”.

Who *** ********?

********* ** *** *****-********* *******, *** ransomware ******** *** ******-***** ****** ** Verint. ****** ** ************* ** *** York *** ******* **** ******* ********** *** ********, and *** **** *** **** *******.

****'* ********* ** ****** ***** ******* or *** ***** ******* **** ******** or ******* ** *** *** ****** customers **** ******** **** *** **** addressed.

****** ** * ***** ************ **** a *** ***** ** **** ***** in *** ********** **** *** "***** Verint" ******* ** ****** ******* ** ***** ****:

What ****** *** ****

********* ******* *** ** **** **** Verint's ***** ********* ** ****, ********* stating **** ****** **** *** ****** was******** *****, ******** **** ***** *** the ****** *** "********"** **** *****:

*******, ***** **** ******* ** ** to *** **** *** ****** *** "fierce" ** ****** *** **** "******" was **** ** ******'* *******:

***** ******* ****** *** *** ** the ********* ******* **** ******** ******* on *** ****** ** ******,*** ***** ** *** ****** ***** the ******** ********* ** ****** ** disclose*** ****** ** ************. **** * disclosure ***** ** ******** ** *** company's **********:

*** ******** ***** ***** *** *******'* stock *********** ** *********** ********* ** this ****:

Revenue - ***** ************ ** *************

***** ****** ********* ** ****** ************ to ***** ************ ***** (***** ** its ****** ********* *** ******** ****), the ******* *** ****************** * ************* ********

** * ******* *****, ***** ************ revenue ** $***+ ******* ********, ** the ******* ********* **** *** *****:

****** ******* ******** *** ***** ************ related ******* * *** ***** **** and ** **** **** ** *** in *** $*** ******* *****.

Guarding ******* ****** *********

****** *** *** ******* ** ****'* questions ***** **** ** ***** **** to ****** **** ** ****** **** not ****** *****.

Comments (4)
Undisclosed Integrator #1
Apr 18, 2019

I'm a little curious what the warning means by "a ransomware pop up". According to Checkpoint and Sophos, Ryuk just leaves ransom notes in text files after operating.

Dan Gelinas
Apr 18, 2019
IPVM

Hello UI#1. Our use of the term "ransomware pop-up" was based on Verint's message to its employees advising them what to do. So far, Verint has been unresponsive to further questions beyond the brief statement quoted in the story. I will ask them to elaborate based on your observation and will update when/if I hear back from them.

Pavel Grozdov
Apr 18, 2019

Hmmmm, I wonder what antivirus they use internally. I used to work in IT as a System Admin and got hit with a CryptoLocker virus back in the day when they were new. I’ve been very focused on IT Security and Backup since then.

If you’re looking to protect your servers, VMs and clients, I would recommend ESET as an antivirus (the only company who has consistently passed VB100 tests and still participates) and use a Synology NAS with their Active Backup for Business suite; amazingly, it’s free and it supports byte based backups, snapshots and Data Deduplication (saves an average of 25% for me).

Undisclosed #2
Apr 20, 2019

Verint... /facepalm, you gotta keep those APTs in check, especially if it was attacking internal machines.

All I know about Verint is those old wireless Smart Site transmitters/receivers...glad those days are over. Have not used them since.
