November 22, 2024 at 03:44AM
The SafePay ransomware gang has attacked UK telematics firm Microlise, demanding payment within 24 hours to prevent the leak of 1.2 TB of stolen data. Major clients, including DHL and Serco, suffered service disruptions. Microlise reports that most customer systems are back online and denies major data compromises while it assesses the incident’s overall impact.
### Meeting Takeaways
1. **Incident Overview**: The SafePay ransomware gang has attacked UK telematics company Microlise, demanding payment within 24 hours to avoid data leaks. They claim to have stolen 1.2 TB of data.
2. **Customer Impact**: Major clients affected include DHL and Serco:
   - **DHL**: Experienced significant disruptions in vehicle tracking, impacting deliveries.
   - **Serco**: Encountered temporary disabling of panic alarms and tracking systems for prisoner transport vans, although services continued without major disruptions.
3. **Company Response**:
   - Microlise initially described the situation as a “cyber incident” but has faced assertions that a ransomware attack did occur.
   - They have made progress in restoring customer systems, stating that the majority are back online, though some customers are still verifying their systems’ security.
   - No customer system data has been compromised, according to Microlise.
4. **Public Disclosures**:
   - Microlise made two disclosures: the first, on October 31, indicated that containment efforts were underway; a final update confirmed that although many systems were restored, the incident’s impact was under assessment, with no significant financial repercussions anticipated.
5. **SafePay Ransomware Details**:
   - SafePay is a newly identified ransomware group with few victims recorded so far (22 logged).
   - They have reportedly employed valid credentials to access systems without establishing ongoing access.
   - Their methods include disabling Windows Defender and encrypting files quickly after data theft.
6. **Expert Consensus**: Cybersecurity experts suggest a strong likelihood of ransomware involvement based on Microlise’s messaging and reported disruptions.
7. **Future Vigilance**: The incident underscores the necessity for organizations to reinforce their cybersecurity measures and remain vigilant against new ransomware tactics.
8. **Acknowledgment**: Microlise expressed gratitude to its customers for their understanding during this period of disruption.
### Next Steps
- Further assessment of the overall impact by Microlise.
- Continuous monitoring for information from the SafePay ransomware group as it emerges in the cybercrime landscape.