Ransomware Group Accessed Out-of-Support ‘Rogue Windows 7 PC’ to Steal Data
A high-security fence manufacturer that supplies military bases and prisons said the LockBit ransomware group breached its digital barriers and leaked stolen data.
Zaun, based in Wolverhampton, England, said the LockBit attack occurred around Aug. 5 and didn’t result in any of its systems being forcibly encrypted thanks to its cybersecurity defenses. “We have been able to continue work as normal with no interruptions to service,” the company said.
On Aug. 13, LockBit listed Zaun as a victim on its dark web data leak site. In recent days, apparently owing to Zaun failing to pay the demanded ransom, LockBit posted to its leak site what it claims to be a 4.45 gigabyte archive file containing stolen data.
“At the time of the attack, we believed that our cybersecurity software had thwarted any transfer of data,” Zaun said.
LockBit accessed the one system on Zaun’s network that wasn’t fully updated and patched, the company acknowledged. “The breach occurred through a rogue Windows 7 PC that was running software for one of our manufacturing machines,” it said. “The machine has been removed and the vulnerability closed.”
Microsoft stopped supporting Windows 7 on Jan. 14, 2020, unless customers purchased expensive ongoing-support contracts.
Zaun said it believes LockBit stole data being stored on the Windows 7 system, and potentially also on a server, adding up to at most 10 gigabytes of data, or 0.75% of all data being stored.
LockBit’s claimed leak of data couldn’t be verified.
Ransomware researcher Jon DiMaggio recently told Information Security Media Group that due to infrastructure problems tied to the crime group’s rapid growth and inability to retain technical talent, LockBit is having difficulty reliably leaking stolen data, leading a large number of affiliates to quit the group (see: Victim of Its Own Ransomware Success: LockBit Has Problems).
Zaun is the U.K.’s only domestic manufacturer of woven and welded mesh fencing. The company, which also installs and maintains its products, bills itself as being the country’s “most effective border agency,” boasting about its “ability to implement solutions for technically demanding sites” around the world that have included the London Olympic Games in 2012, a NATO Summit in 2014, as well as for oil, gas, power and utility sites, and airports, prisons and at borders.
The company said none of the information LockBit might have stolen or leaked was sensitive or could be used to subvert products or installations. “Zaun is a manufacturer of fencing systems and not a government-approved security contractor,” it said. “As a manufacturer of perimeter fencing, any member of the public can walk up to our fencing that has been installed at these sites and look at it,” as well as use its website to learn about its products, which remain “available for unrestricted purchase.”
Zaun said it reported the breach to the Information Commissioner’s Office as well as the West Midlands Regional Cyber Crime Unit, which investigates serious hacks against local organizations. The company also said it’s pursuing recommendations received from Britain’s National Cyber Security Centre, which is the country’s incident response lead.
LockBit continues to be tied to numerous attacks. Cybersecurity consultancy NCC Group told Information Security Media Group that LockBit posted 78 victims to its data-leak site in May, 62 in June and 50 in July. Based on known ransomware attacks and victims, that makes the group’s victim count second only to Clop, which executed a high-profile data-stealing campaign against users of MOVEit file-transfer software beginning in late May.
Based on the latest available information, researchers at Emsisoft report that Clop successfully stole data directly or indirectly from over 1,100 organizations, with German cybersecurity consultancy KonBriefing reporting that at least 54 million individuals have been affected.