US Staffing Firm Hit by Ransomware Again
One of the largest IT staffing companies in America has been hit by a second ransomware attack in nine months.
Attackers deployed the ransomware three days after gaining unauthorized access to some of the company’s systems. The incident was picked up by the company following reports of suspicious activity on the user account of an Artech employee.
Ransomware gang REvil (Sodinokobi) presented themselves as responsible for the attack on Artech. After apparently failing to blackmail a ransom payment out of the company, on January 11 the gang leaked what they claimed was 337 MB of data stolen from Artech’s servers.
Now it appears that the company has been hit with ransomware for a second time, but from a different source.
The profitable business, which brought in around $810m in annual revenue last year, is among the victims listed on the website of the threat group MAZE.
Along with the announcement of the alleged hack, MAZE has uploaded a zip file of data it claims to have stolen from Artech.
Commenting on the alleged second ransomware attack, Emsisoft threat analyst Brett Callow told Infosecurity Magazine: “It’s not uncommon to see companies hit for a second time, and sometimes by a different ransomware group. In some cases, this will simply be coincidence. In other cases, it’s likely that the network was backdoored during the initial attack and the backdoor was subsequently sold or traded to whichever group carried out the second attack.”
Callow added that it was absolutely critical for any company hit by ransomware to take appropriate action to remediate the incident.
“Failing to do so can result in a second attacker’s maintaining a foothold in the network, monitoring communications, continuing to exfiltrate data, and encrypting it for a second time,” said Callow.
Artech is a privately-held firm that provides government services, workforce and staffing solutions, and program management. It employs over 10,500 staff and consultants across the United States, Canada, China, and India.