The American manufacturing company Bose has admitted that a ransomware attack hit their systems. The attack was accompanied by a data breach. This sophisticated cyber incident was first detected by the company on March 7, 2021.
According to an official letter sent by the company to the Attorney General Office in New Hampshire, Bose initiated a comprehensive process for hardening the security of their systems. They started an investigation of the incident immediately after they noted the attack.
External security experts have been hired for the recovery of the impacted systems by the audio maker. On April 29th, it was clear that hackers might have accessed a small number of internal spreadsheets.
As reported, the spreadsheets contain information on current and former employees. Obtained files store data about the workers’ names, social security numbers, and compensation info.
Recent examples of companies hit by ransomware include the Japanese tech company Toshiba which fell victim to the DarkSide ransomware as well as the AXA Cyberinsuarance Company hit by Avaddon Ransomware.
Bose Ransomware Attack – Security Measures Taken
After the ransomware attack, Bose took the following measures to defend corporate systems against future incidents:
- Enhanced malware/ransomware protection on endpoints and servers to further enhance our protection against future malware/ransomware attacks.
- Performed detailed forensics analysis on the impacted server to analyze the impact of the malware/ransomware.
- Blocked the malicious files used during the attack on endpoints to prevent further spread of the malware or data exfiltration attempt.
- Enhanced monitoring and logging to identify any future actions by the threat actor or similar types of attacks.
- Blocked newly identified malicious sites and IPs linked to this threat actor on external firewalls to prevent potential exfiltration.
- Changed passwords for all end-users and privileged users.
- Changed access keys for all service accounts.
On May 19th the company also sent notification letters about the breach to all individuals impacted by the incident.