Ransomware is indiscriminate when it comes to the size of an organization or industry, and some pro AV companies are finding that out the hard way.
Toshiba last week said it was the victim of a ransomware attack, and now Bose is also disclosing that it too suffered a similar fate earlier this month, although the damage appears to be limited.
According to a notice filed with the New Hampshire Attorney General’s office, the company first detected the “sophisticated” ransomware attack on its internal U.S. systems on March 7, and immediately initiated incident response protocols and activated its IT team to contain the incident and harden defenses.
However, the company did not pay any ransom.
Bose provided this statement to Commercial Integrator:
We experienced a sophisticated cyber-attack in March. We recovered and secured our systems quickly \with the support of third-party cybersecurity experts. We also notified the FBI. During our investigation, we identified a very small number of individuals whose data was impacted, and we sent notices to them directly in accordance with our legal requirements.
We did not make any ransom payment. There is no ongoing disruption to our business, and we are focused on providing our customers with the great products and experiences they have come to expect from Bose. We know how important it is to safeguard the information entrusted to us, and we remain committed to defending against cyber threats.
On April 29, the investigation revealed that data from internal human resources files relating to six former New Hampshire-based employees was accessed and potentially exfiltrated. Data includes names, social security numbers, and compensation-related information.
“The forensics evidence at our disposal demonstrates that the threat actor interacted with a limited set of folders within these files,” the company said in the notice. “However, we do not have evidence to confirm that the data contained in these files was successfully exfiltrated, but we are also unable to confirm that it was not.”
The company said in its notice that it has engaged experts to monitor the dark web for that potentially stolen data, and has since implemented measures to protect against future attacks, including:
- Enhanced malware/ransomware protection on endpoints and servers
- Detailed forensic analysis on impact server to analyze the impact
- Blocked malicious files used during the attack on endpoints
- Enhanced monitoring and logging
- Blocked newly identified malicious sites and IP addresses linked to the specific threat actor
- Changed passwords for end users and privileged users
- Changed access keys for all service accounts
The company also offered the impacted former New Hampshire employees identity protection services for 12 months, according to the notice.
Let this be yet another reminder that no organization is safe from ransomware, and the pro AV industry needs to harden its defenses to avoid being forced to pay a ransom or having sensitive data stolen and leaked.