[Security Weekly] MasterChef Producer Banijay SAS Attacked by DoppelPaymer Ransomware


1st Week of December 2020


1. MasterChef producer Banijay SAS attacked by DoppelPaymer ransomware

Banijay SAS, a French-based TV production and distribution giant owning over 120 production firms around the world, was attacked by the DoppelPaymer ransomware in early November. Banijay SAS produces a number of popular reality shows including MasterChef, Survivor, and Big Brother. 

On November 26, Banijay SAS disclosed that it had suffered a cyberattack that potentially compromised the personal information of its current and former employees along with other sensitive corporate data. It further stated that the attack only affected the networks of Dutch-based Endemol Shine Group and Endemol Shine International, both acquired by Banijay SAS back in July in a $2.2 billion deal.

The incident was immediately reported to the data regulatory authorities of Britain and the Netherlands. Although the firm has not yet acknowledged it, the operators of the DoppelPaymer ransomware claimed responsibility for the attack and released a portion of the stolen files online. They also threatened Banijay SAS by claiming that it had GDPR violations.

Having a database encryption solution is the easiest way to keep sensitive data safe from double extortion ransomware attacks and to comply with the GDPR. D’Amo is a plugin-type database encryption solution that provides quick and easy column-level encryption compatible with all major DBMSs and open source databases.

Sources: Infosecurity, Bleeping Computer


2. Struggling retail giant Kmart takes critical hit by Egregor ransomware

Kmart, a struggling US department store chain that was once a giant competing with Walmart, suffered an attack by the Egregor ransomware. The company had been on the decline since its former parent company Sears filed for bankruptcy. Now with fewer than 50 stores left, the company took a painful hit in the middle of the critical Christmas shopping season.

The ransomware infected not only Kmart’s network, but also that of its parent company Transformco, which acquired Kmart in 2019. The ransomware operators encrypted a number of internal systems and servers, after which Kmart was locked out of all its backend services. According to the ransom note, the attackers compromised Kmart’s entire Windows domain.

Since the Egregor ransomware is infamous for its double extortion attacks, it is possible that some of Kmart’s data could have been stolen as well. As of yet, there has been no official confirmation of any data leakage.

Sources: Threatpost, Bleeping Computer


3. COVID-19 vaccine cold chain under attack by massive phishing campaign

IBM X-Force Research and the US Department of Homeland Security issued a joint statement warning that an ongoing large-scale phishing campaign has been targeting organizations in the COVID-19 vaccine cold chain since September.

The COVID-19 vaccine cold chain is a group of organizations dedicated to keeping the vaccine in temperature-controlled environments during transit and in storage. Most of these organizations are part of GAVI, a global partnership consisting of public and private members with the goal of increasing immunization in underdeveloped regions.

The phishing campaign targeted GAVI organizations across Europe, South Korea, and Taiwan. One of the phishing emails purported to come from an executive at Haier Biomedical, a Chinese firm that is part of GAVI. The email contained a malicious attachment that tricked the recipients into entering their company login credentials to access the content.

A compromise of these companies’ login credentials could lead to severe consequences as the attackers would be able to gain access to the procedures and plans for COVID-19 vaccine distribution, and could use the stolen information to interrupt the vaccination process against selected targets.

Sources: Security Intelligence, BBC


4. Cyberattack at mental health provider leaks personal data of 295,000 Colorado patients

AspenPointe, a non-profit mental health provider based in Colorado Springs, Colorado, suffered a serious cyberattack that compromised the personally identifiable information (PII) of over 295,000 patients.

AspenPointe disclosed the data breach in a notification letter sent to its patients on November 19. The letter revealed that the company discovered an intrusion into its network between September 12 and September 22. After over a month of investigations, the company concluded that the personal data of 295,617 patients was compromised in the attack. This included highly sensitive information such as their full names, dates of birth, social security numbers, driver’s licence numbers, medical insurance details, dates of visit, and diagnosis codes.

Due to the sensitivity of the compromised data, AspenPointe offered each victim a year of identity theft protection and an insurance policy of $1 million.

Sources: Infosecurity, Bleeping Computer

