The cybersecurity and threat detection company Cygilant has become a victim of the NetWalker ransomware-as-a-service group. The group essentially rents their infrastructure to other threat groups so they can carry out their own attacks. The threat actors first exfiltrate sensitive files to a server belonging to the attackers, and then deploy the malware to encrypt files. The attackers then threaten to release the files publicly if the ransom isn’t paid. Cygilant’s CFO, Christina Lattuca said in a statement, “Our Cyber Defense and Response Center team took immediate and decisive action to stop the progression of the attack. We are working closely with third-party forensic investigators and law enforcement to understand the full nature and impact of the attack. Cygilant is committed to the ongoing security of our network and to continuously strengthening all aspects of our security program.” When searching a Darkweb site used by the Netwalker ransomware group for files stolen from its victims, researchers found screenshots of what appeared to internal network files and directories appearing to be associated with Cygilant. While Cygilant would not confirm if they paid the ransom or not, the screenshots on the Netwalker site were removed later.