ALPHV Claims The Automatic Systems Ransomware Attack


On June 3, 2023, Belgium’s Automatic Systems uncovered a ransomware attack, which has now been claimed by the notorious ALPHV group.

The cybercriminals specifically targeted a segment of the company’s servers, as confirmed by a notification prominently displayed on the company’s homepage, leading to the Automatic Systems ransomware attack.

Automatic Systems, renowned for its expertise in secure entrance controls and access control equipment, fell victim to this cyber attack perpetrated by the ALPHV ransomware group.

Screenshot of the Automatic Systems website

Automatic Systems ransomware attack

“ALPHV #ransomware group added Automatic Systems (automatic-systems.com), a company specializing in the automation of secure entrance control, to their victim list,” Threat Intelligence Service Falcon Feeds tweeted mentioning the Automatic Systems cyber attack.

They also posted the following screenshot from the dark web portal of the BlackCat/ ALPHV ransomware group.

Automatic Systems ransomware attack
(Photo: Falcon Feeds/ Twitter)

While the Belgium-based Security system supplier discovered the cyber attack early in June, the ALPHV cybercriminal group claimed the Automatic Systems ransomware attack on June 12.

It is likely that the ALPHV members contacted the company with their ransom demands and waited for their reply in the interim.

After about 9 days, the group posted about the Automatic Systems ransomware attack on their dark web portal.

The Cyber Express team reached out to the company and is still awaiting a response regarding the cyber attack on Automatic Systems.

Automatic Systems addresses cyber attack, ALPHV ransomware mocks company’s security

Upon uncovering the security incident, Automatic Systems promptly issued a statement reassuring users that they had implemented essential protective measures to halt the progression of the ransomware.

“Automatic Systems immediately took specific protection measures to halt the advance of the ransomware. The company called on external cybercrime experts, who are currently supporting the internal IT teams around the clock,” the company notice read.

However, the BlackCat ransomware group has ridiculed the company’s security systems claiming that the company had implemented insufficient safeguards on its network.

The group further added that the vulnerability enabled them to gain unauthorized access to the company’s systems and steal data.

Data stolen from the Automatic Systems cyber attack

Automatic Systems ransomware attack
Screenshot of ALPHV’s website (Photo: Falcon Feeds/ Twitter)

According to the screenshot shared by Falcon Feeds, the hackers have released 121 attachments with data allegedly from the Automatic Systems data breach.

ALPHV stole the company’s sales data, and logistics information from the Automatic Systems ransomware attack. They claimed to have stolen insurance-related documents also.

Besides those, the following data was also allegedly stolen from the Automatic Systems ransomware attack –

  1. Personal data belonging to the clients and partners
  2. Internal classified data
  3. Financial and banking data of clients and the company
  4. Internal business documents
  5. Strategic and analytical data
  6. NDA contracts
  7. Passport data of employees of Automatic Systems and its clients
  8. Drawings, descriptions, and engineering and technical information about products

They claimed to have passwords from accounts and access to several company resources and partners through the alleged Automatic Systems data exfiltration.

Automatic Systems breach leaves NATO, military security at risk

The ALPHV cybercriminals also claimed to have recordings of calls from the Automatic Systems cyber attack. Moreover, they had access to confidential documents pertaining to NATO and the procurement of equipment for military companies which had installation schemes, and data about security equipment.

Triple extortion by the ALPHV ransomware group

The ALPHV ransomware group functions as a ransomware-as-a-service since its discovery in November 2021. They extort money using the triple extortion technique by first hacking the systems, stealing data, and encrypting system information.

They try to extort money not only for decrypting the information and not releasing it publicly but also threaten to launch distributed denial of service (DDoS) attacks to render the website inaccessible by sending several requests to the network.





Source link