Dragos, a cybersecurity company, became the target of a cybercriminal aiming to deploy ransomware and extort the company.
The attempt failed, and Dragos shared details of what happened, hoping it would help other companies that might find themselves in a similar situation in the future.
In a blog post, Dragos reported that a cybercriminal gained access to the company’s systems via a previously compromised personal email account belonging to a newly hired staff member. They used that access to impersonate the new employee and reach the resources “usually used” by new sales employees, in SharePoint and the Dragos contract management system. They were also able to obtain a report containing the IP addresses associated with a client, prompting Dragos to contact that client immediately.
“Unfortunate” theft
The company believes it detected the attacker in time and prevented more damage from being done.
“We believe our layered security measures have prevented the threat actor from achieving what we believe is their primary goal of running ransomware,” the blog reads. “They were also prevented from making lateral moves, escalating privileges, establishing permanent access or making any changes to the infrastructure.”
However, this did not stop the attackers from trying to extort the company with the data they had taken. Soon after, they contacted the company’s management via WhatsApp, threatening to leak sensitive data on the dark web. “WE HAVE EVERYTHING,” reads one of the messages.
As the company did not budge, the attackers resorted to mentioning family members as well as reaching out to other Dragos contacts to try to create a backlash.
“While the third-party incident response company and Dragos analysts believe the incident has been brought under control, the investigation is ongoing,” the blog continues. “The data that has been lost and is likely to be made public because we chose not to pay extortion is regrettable. However, we hope that highlighting adversary methods will help others consider additional defenses against these approaches so as not to fall prey to similar efforts.”