[Security Weekly] World’s Second-Largest Laptop Manufacturer Compal Hit by Ransomware

Cover Image

2nd Week of November 2020


1. World’s second-largest laptop manufacturer Compal hit by ransomware

Compal Electronics, a Taiwanese manufacturer of laptops, monitors, tablets, and smartwatches, suffered an attack by the DoppelPaymer ransomware, as reported by Taiwanese media. Compal is the second-largest manufacturer of laptops in the world after Quanta Computer, another Taiwanese firm. Some of its clients include Apple, HP, Dell, Acer, Toshiba, Fujitsu, and Lenovo.

The attack was discovered on November 8. According to the ransom note disclosed by the company’s employees, the ransomware operators demanded a payment of 1,100 Bitcoins (roughly $17 million). All employees coming to work were told to back up any remaining important files, and to reinstall all encrypted workstations.

Local media reported that the attack affected an estimated 30% of Compal’s internal systems. However, despite all the news reports and supporting evidence, Compal officially denied that it was infected by ransomware, and claimed that it was not being blackmailed by any hackers.

Penta Security recommends investing in a database encryption solution like D’Amo to keep sensitive data safe from ransomware attacks, as well as to comply with international data privacy regulations such as the GDPR and CCPA. To learn more about D’Amo, click here.

Sources: ZDNet, Bleeping Computer


2. Hotel booking solution provider leaks personal data of millions of hotel guests

Prestige Software, a Madrid-based software company that provides hotel booking management solutions to hotels worldwide, exposed the personal information of millions of hotel guests due to a misconfigured Amazon Web Services S3 cloud storage bucket.

Prestige Software’s solutions enable hotels to automatically update their room availability information in real-time on booking websites like Agoda, Booking.com, Expedia, and Hotels.com. As such, the misconfigured bucket contained over 10 million files belonging to guests of different hotels around the world, with some of the records dating back to 2013. 

The exposed data contained personal information like full names, phone numbers, email addresses, ID numbers, reservation dates and details, and credit card numbers, CVV2s, and expiration dates. Even though there has been no evidence suggesting that the data was accessed by others, given how the bucket was exposed for years, there is a high chance that they may have been viewed by others prior to the discovery. If malicious actors had gained access to such information, the victims could face a wide range of attacks from identity theft and phishing scams to credit card fraud.

Prestige Software reconfigured the cloud storage bucket immediately after being contacted. However, the firm is likely to face a range of legal consequences as guided by GDPR and PCI-DSS.

Sources: Threatpost, Infosecurity


3. UVM Health Network forced to delay cancer treatments after cyberattack

The University of Vermont (UVM) Health Network suffered a cyberattack that forced its hospitals to delay chemotherapy and mammogram appointments, as well as to reassign more than 300 staff members. The hospital network contains six hospitals with over 1,000 physicians.

The attack occurred over the week of October 26. It initially gained access to the main server of the UVM Medical Center, and later moved through the internal IT systems to spread malware that impacted the entire hospital network. The attack severely impaired the hospitals’ cancer treatment capability, such that its daily chemotherapy appointments dropped from the 50s to 15. Even two weeks later on November 9, the hospitals were still unable to conduct any mammograms, breast ultrasound screenings, and biopsies.

The UVM Health Network did not specify the details on whether the attack was a ransomware infection or whether sensitive data was compromised. It did mention though that it was working with the FBI, the Vermont National Guard, and security experts from Microsoft and Cisco to review its systems to ensure patients receive timely treatments.

Sources: Threatpost, CyberScoop


4. Furniture giant Steelcase halts operations for two weeks after hit by Ryuk ransomware

Steelcase, the world’s largest office furniture manufacturer, was attacked by operators of the Ryuk ransomware, forcing it to halt all global operations for over two weeks. With over 13,000 employees, Steelcase has a significant presence on all five continents.

According to the Form 8-K Steelcase filed to the Securities and Exchange Commission (SEC), the attack occurred on October 22, after which the company had to shut down all its IT systems and their related operations to contain the spread of the infection.

Following the attack, Steelcase was completely shut down for over two weeks. All of its global operations were halted. This included all order management, manufacturing, and distribution activities. All its employees were given the option to apply for unemployment for the work hours lost.

Steelcase finally announced on November 12 that it had resumed all operations. However, due to the two-week outage, its customers would likely experience significant delays for the remainder of November. Fortunately, the company reassured its employees and customers that no personal information was stolen as a result of the attack.

Sources: Infosecurity, Bleeping Computer


Check out Penta Security’s product lines:

Web Application Firewall: WAPPLES

Database Encryption: D’Amo

Identity and Access Management: ISign+ 

Car, Energy, Factory, City Solutions: Penta IoT Security