Artech Information Systems, one of the largest IT staffing companies in the USA, revealed that it suffered a data breach caused by a ransomware attack that affected some of its systems at the beginning of the year. It is a private company with estimated annual revenue of $810,000,000 in 2019 and about 11,000 employees and consultants in 40 US states, Canada, China and India.
Artech provides personnel and workforce solutions, program management and government services, with its customer list comprising more than 80 customers listed in F, as well as U.S. federal entities.
The company discovered the attack when it found ransomware on some of its systems, after noticing reports of unusual activity related to one of its employees' accounts.
A data breach notification letter to the affected individuals states that on the same day Artech hired a leading forensic firm to assess the security of its systems and confirm the nature and extent of the security incident. In mid-January, the investigation found that someone had gained unauthorized access to Artech systems between 5 January 2020 and 8 January 2020.
BleepingComputer learned about the attack on Artech servers on 11 January 2020, when the REvil / Sodinokibi ransomware gang leaked 337MB of files it allegedly stole from the company's servers, noting that this was only a small part of what it stole. In addition, the REvil operators threatened that if the company did not take the necessary steps, they would sell the rest of the data gathered. The data include commercial, financial and personal information.
REvil is a ransomware-as-a-service (RaaS) operation that breaches corporate networks through exposed remote desktop services, as well as managed service providers, using exploits and spam emails. Once they gain access to a victim's network, REvil operators steal sensitive and confidential data for later use as a "weapon" to persuade their victims to pay a ransom to prevent the stolen information from being leaked. In addition, once they gain administrator access to a domain controller and steal data from servers and workstations, REvil operators deploy ransomware payloads on all computers on the compromised network.
Artech discovered the personal, health and financial information of many individuals stored on the compromised systems. Around 25 June 2020, when the company completed the investigation into the alleged attack, it was able to identify the individuals whose information was exposed in the data breach. This information is estimated to include the following: names, social security numbers, medical information, health insurance information, financial information, credit card details, driver's license numbers / ID numbers, passport numbers, visa numbers, digital signatures, usernames and passwords. However, it is worth noting that the combination of exposed information differs for each affected individual.
After the discovery of the attack, Artech changed credentials to secure its systems, and also began working with external security experts to improve its existing security procedures and protocols.
Finally, Artech advises the individuals notified of the data breach to monitor their account statements for suspicious activity and to remain vigilant for fraud or identity theft attempts. The company also provides free card monitoring and identity protection services through Kroll.