Cybersecurity firm Cygilant infected with ransomware

Ironically, cybersecurity companies are the organizations most exposed to incidents. Such is the case of Cygilant, a signature dedicated to detecting cybersecurity threats that has been the victim of a ransomware infection. Through a statement, Chief Financial Director Christina Lattuca acknowledged that the firm was aware of a recent encryption malware infection affecting some of the company’s systems.

In the document, the company mentions: “Our Cyber Response and Defense Center has already taken appropriate steps to stop the infection. We are working in conjunction with external specialists and relevant authorities to determine the impact of that attack.”

#NetWalker #Ransomware claimed Cygilant as a victim and threatens to publish exfiltrated data from the hack in 13 days.

Cygilant, Inc, is a Boston-based security software-as-a-service company focused on information security and compliance objectives.

Employees: 84
Revenue: $34m pic.twitter.com/bo6i3s2mqM

- Ransom Leaks (@ransomleaks) September 3, 2020

Nothing is yet known about those responsible for the attack or the ransomware variant used, although some members of the cybersecurity community attribute the incident to NetWalker, a ransomware-as-a-service group that makes its tools and capabilities available to anyone willing to pay the price.

It has become customary that threat actors are not limited to encrypting compromised information, as they now also steal data and publish it on hacking forums, so company executives feared this would be the case. Cygilant’s fears were confirmed soon after, when some screenshots of files and directories of the company’s internal network were posted on a dark web site. At the time of publication the data had been deleted from that forum, although it is ignored whether the company paid the ransom.

Brett Callow, of security firm Emsisoft, claims that these hacking groups usually delete the information exposed after companies pay the ransom, although there are other scenarios: “Sometimes criminals delete this information temporarily in order to negotiate a ransom, so it is not yet possible to confirm whether Cylantgi has already made any payments.

Originally published at https://www.securitynewspaper.com on September 4, 2020.

Knowledge belongs to the world