Threat Watch

NetWalker Ransomware Infects Security Company Cygilant

The cybersecurity and threat detection company Cygilant has become a victim of the NetWalker ransomware-as-a-service group. The group essentially rents their infrastructure to other threat groups so they can carry out their own attacks. The threat actors first exfiltrate sensitive files to a server belonging to the attackers, and then deploy the malware to encrypt files. The attackers then threaten to release the files publicly if the ransom isn’t paid. Cygilant’s CFO, Christina Lattuca said in a statement, “Our Cyber Defense and Response Center team took immediate and decisive action to stop the progression of the attack. We are working closely with third-party forensic investigators and law enforcement to understand the full nature and impact of the attack. Cygilant is committed to the ongoing security of our network and to continuously strengthening all aspects of our security program.” When searching a Darkweb site used by the Netwalker ransomware group for files stolen from its victims, researchers found screenshots of what appeared to internal network files and directories appearing to be associated with Cygilant. While Cygilant would not confirm if they paid the ransom or not, the screenshots on the Netwalker site were removed later.

ANALYST NOTES

The fact that ransomware can affect a company dedicated to cyber security shows that attackers are innovative and determined to get around defenses by evading detection. Ransomware can happen to any organization. It is important for defenders to constantly evaluate existing threat detections and hunt for any indication of unusual activity on endpoints and in network traffic. For companies that are looking to defend against ransomware, a Security Operations Center (SOC) that operates 24 hours a day, seven days a week is required to quickly respond to threats. Either an internally-staffed SOC or managed services such as the ones offered by Binary Defense’s Security Operations Task Force are suggested. Our SOC will monitor endpoints for signs of intrusion 24/7 and make it a point to stop attacks before they cause greater damage.

Source: https://techcrunch.com/2020/09/03/cygilant-ransomware/?web_view=true