Bose said the company "worked carefully and methodically with cybersecurity experts to get its systems back online in a secure manner." However, the cautious wording of the incident notification sent to the American authorities does not make it clear whether the company paid the ransom.
An internal investigation showed that cybercriminals managed to gain access to documents from the personnel department. In particular, they were able to see the names of Bose employees, social security numbers, and data related to compensation payments. However, while the attackers had access to the folders, the company cannot say with certainty whether they stole the data or not. For this reason, the company turned to a law office to warn all potentially affected employees and offer them an identity protection service free of charge for 12 months.
As a security measure, Bose has strengthened endpoint and server protection against malware/ransomware, conducted detailed analyses of infected servers and analyzed the damage from the attack, blocked malicious files on endpoints to contain the spread of infection, increased monitoring and logging to identify further actions by the attackers, blocked new sites and hacker-related IP addresses in external firewalls, changed passwords for all users, and changed access keys to all service accounts.
As of this writing, none of the largest ransomware groups has claimed responsibility for the incident. Even Bleeping Computer reported that there is no evidence of leaked stolen data on the dark web, but security firm UpGuard tweeted about the leaks and their prices listed on the dark web.
(7/8) — UpGuard (@UpGuard) May 25, 2021
All prices in USD:
- Credit card data (with pin): $28
- Credit card data (with CVV): $34
- Email database dumps: $10
- Crypto accounts: $471
- Social media accounts: $20
- Service subscriptions: $85