On Tuesday, cyber security experts discovered that the prominent Chinese marketing firm Fimmick had been hit with REvil ransomware. The Russian-based ransomware group gained notoriety this July when it deployed a successful ransomware attack on Kaseya Virtual System Administrator (VSA) servers. As a result, Kaseya was forced to shut down their SaaS servers, causing downtime for over 1,000 companies.
Since the suspected attack, Fimmick’s website has been unresponsive. According to security researchers, marketing firms are within the most targeted sectors of 2021. This is because of the access to much larger, high-profile companies. In this case, Fimmick’s client list spanned from Coca-Cola to Shell. It was also noted that 73% of ransomware detections were related to the REvil/Sodinokibi family.
With the increase in remote work, REvil has increased their focus on conducting exploits via emails with attachments. Attacks on marketing firms are not often highlighted in the media, however, their domino effect to target other companies have proven to be much more damaging and costly.
Email remains to be a leading attack vector for ransomware operators. Threat actors send phishing links to their targets and a single click can execute malware on a system that could encrypt all data. To protect against this, organizations should regularly train their users to avoid clicking any suspicious email links and report them to IT admins for further investigation.