Nefilim ransomware appears to be a new type of infection, after the coronavirus pandemic, wreaking havoc among large-scale businesses. On 5th May, there were reports of this ransomware targeting two corporate giants: Australian transport company Toll Group and a maker of American lingerie brand Victoria’s Secret.
Over the past few weeks, ransomware attacks have been targeting a large number of industries, from healthcare systems, supply chains, and foreign exchange to schools and government agencies. Contrary to the popular notion that these attacks are primarily focussed on critical sectors, a new form of ransomware called the Nefilim ransomware has gone ahead and even attacked a lingerie maker.
Nefilim ransomware kills two birds with one stone
MAS Holdings, a Sri Lankan clothing manufacturer that makes undergarments for popular clothing brands like Beyonce-founded Ivy Park, Victoria’s Secret and Nike, reported on Tuesday that a group of extortionists has gotten hold of some 300GB worth of private information and is threatening to post it all online if their demands aren’t met.
What is more alarming is that the hackers now have access to all the confidential information, including agreements and access details, which could eventually result in these renowned clothing brands being targeted.
In another similar case, Australian logistics and warehouse giant Toll Group, which had just managed to bounce back from its previous month-long cyber attack, reported a second significant disruption of services on Tuesday.
Toll Group, which is privately owned by Japan Post, was targeted by a group of Russian hackers in March in an attack that crippled its IT systems for over a month, ultimately resulting in significant losses. The hackers, however, were unsuccessful in their attempts to demand a ransom.
Unfortunately for the firm, the nightmare didn’t end there. Attacked again, this time by the Nefilim ransomware, the firm has decided to shut off its systems once again. The workers have been asked to rely on their personal devices as the company systems and applications have all been taken down as a precautionary measure.
Ransomware attackers are highly connected, Emsisoft
Although it is still unclear how much ransom the Nefilim ransomware attackers are demanding in both cases, Toll Group has announced that it is not considering a payout option at this time. The firm has systematic manual processes and business continuity plans in place to mitigate the impact.
Brett Callow, who works as a senior cybersecurity expert with Emsisoft, told Sky News that Nefilim ransomware is typically known to steal private documents from a computer and use them as a threat, to be posted online if the demands are not met.
This group of criminals also appears to be highly networked as they threaten to sell the stolen information on the darknet and even to competitors, at times. Unfortunately, since the probability of data misuse, monetization, and customer phishing is too high, whether the victim meets their demand or not, speedy disclosure to all stakeholders is extremely critical, Callow asserted.