Whirlpool, one of the largest home appliance manufacturers, suffered a ransomware attack by the Nefilim ransomware gang, which stole data before encrypting the company's devices. Over the weekend, the Nefilim gang published files stolen from Whirlpool, including documents related to employee benefits, accommodation requests, medical information requests, background checks, and more. In a statement, Whirlpool confirmed the attack and said that its systems have been fully restored. Whirlpool stated, “We live in a time when illegal cyber-crimes are all too prevalent across every industry. Data privacy is a top priority at Whirlpool Corporation, and we invest in the technology and processes to help protect our people, our data, and our operations. Last month Whirlpool Corporation discovered ransomware in our environment. The malware was detected and contained quickly. We are unaware of any consumer information that was exposed. There is no operational impact at this time.” The Nefilim gang is not the most active group but has been linked to some large and well-known victims. As of 12/28/2020, the Whirlpool systems are completely restored.
It has not been reported exactly how Whirlpool's systems became infected, but it can be assumed that human error is the culprit. The primary method of infection for most malware is through malicious emails. Employers are strongly encouraged to train their employees to detect and defend against malicious emails. This incident is also a good example of why a strong cybersecurity response plan, including a strategy for backing up and restoring data, is needed. Whirlpool was able to fully restore systems, apparently without paying the ransom demand. Organizations large and small should have a response plan in place that lays out, step by step, how to deal with these attacks. Early detection of intrusions can prevent threat actors from having the opportunity to steal data and encrypt files with ransomware. The teams at Binary Defense stand ready to partner with organizations to provide a strong security monitoring and detection capability that can stop attacks quickly.
Source Article: https://www.pcrisk.com/removal-guides/17305-nefilim-ransomware