The financial tech giant Diebold Nixdorf has been infected by a relatively new ransomware known as ProLock. While customers were understandably worried about ATM and customer-connected networks, Diebold said that the infection only affected its corporate network. The company told Brian Krebs that their security team discovered unusual behavior on the evening of April 25th. Suspecting a ransomware infection, the team began disconnecting systems from the network immediately to limit the spread. Although the infection only spread within the corporate network, Diebold also told Krebs that their response to the infection did disrupt a system responsible for handling field service technician requests.
ProLock got its start in late 2019 as PwnedLocker, targeting larger businesses and local city governments to demand high ransom payments. Due to a flaw in the encryption implantation, Emsisoft was able to release a free decryptor for PwnedLocker. The rebrand from PwndLocker to ProLock was likely a move to keep the image of ransomware that is unrecoverable without the author or group’s help.
