The well-known audio equipment company Bose said that it suffered from an attack of unknown ransomware that occurred back on March 7, 2021. The attack targeted the company’s systems in the United States, and although the incident was noticed on the same day, the hackers managed to deploy the ransomware on the internal Bose network.
Ultimately, the company’s network was restored, but it is not known whether Bose paid the ransom to the attackers or whether the restoration was made from backups.A months-long investigation into the incident reportedly revealed that ransomware had gained access to internal HR files. These files contained information about Bose employees (past and present), including names, social security numbers, and payroll information.
It is emphasized that the attackers “interacted with a limited set of folders.” That is, the company has evidence confirming that hackers gained access to classified information, but it is not possible to determine whether the files were stolen or not.
Bose hired a law firm to notify all affected employees of the incident and offer them 12 months of free privacy protection services.
The company also says it has taken the following measures to improve protection:
- changed passwords for all end and privileged users;
- changed access keys for all service accounts;
- external firewalls blocked all detected malicious sites and IP addresses associated with attackers to prevent potential data theft;
- improved monitoring and logging to detect the actions of intruders and similar attacks in the future;
- to prevent the spread of malware and data theft, malicious files used during the attack on endpoints were blocked;
- a thorough forensic analysis of the affected server was carried out;
- endpoints and servers have improved protection against malware in general and ransomware in particular.
Let me remind you that I also reported that Babuk Locker Ransomware Operators Threatened to Disclose Police Informants.