News of the ransomware attack on Collabera and the resulting breach leaked through an internal memo that the company distributed to its employees. The memo reveals that the IT firm first discovered malware on its systems on June 8th. On June 10th, it found out that the hackers had exfiltrated some data from its computers.
The memo drafted by HR senior director Mike Chirico reads, “On June 8, 2020, Collabera identified malware in its network system consistent with a ransomware attack. We promptly restored access to our backup files and immediately launched an investigation to determine the nature and scope of the event. On June 10, we became aware that the unauthorized party obtained some data from our system. We are working with outside experts and law enforcement to conduct a more detailed review of the incident.”
The stolen information includes workers' names, addresses, contact details, Social Security numbers, dates of birth, employment benefits, and passport and visa details. It is not known whether the tech firm has paid the demanded ransom.
Maze ransomware has targeted a long list of organisations. The list includes a Brazilian government website, a Macedonian shipping company, an energy company in Brazil, and a US-based construction company. The ransomware operators have a long history of stealing data before locking their targets' devices and demanding a ransom. The threat actors capitalise on the reputational consequences their targets face.
Various threat actor groups leverage Maze ransomware to attack organisations around the world. Maze uses known vulnerabilities such as the Pulse VPN flaw CVE-2019-11510 to break in. Employees working from home must be careful when accessing sensitive company information.