Italian luxury fashion brand Moncler SpA has been struck by a ransomware attack that has resulted in the publication of stolen data.

The ransomware attack occurred in December, with the data stolen in the attack appearing this week on the dark web, a shady corner of the internet for illicit activity. A group by the name of AlphV/BlackCat is taking responsibility for the ransomware attack.

The data stolen included data relating to employees, former employees, supplies, consultants, business partners and customers, according to Bleeping Computer. The company said it had rejected paying the ransom demanded in the attack because it goes against its founding principles. The AlphV/BlackCat ransomware gang claims to have demanded $3 million not to publish the data.

Moncler did note that no data relating to credit cards or other means of payment were compromised, since the company doesn’t store such data on its systems. Moncler added that it was deeply sorry for what had happened and for any inconvenience or concern this situation may have caused to stakeholders. The company activated a team of cybersecurity experts at the time of the attack and has since strengthened its information technology security measures.

The Alphv/BlackCat ransomware group first emerged in December and was noted at the time as using the first professional ransomware strain that was coded in the Rust programming language and deployed against companies. According to Recorded Future, the gang advertises its software on a ransomware-as-a-service basis on cybercrime forums, inviting others to join it and launch attacks against large companies.

“How does an organization make a decision that impacts the private information of individuals?” Purandar Das, co-founder and chief executive officer at encryption-based security solutions company Sotero Inc., told SiliconANGLE. “Does the fact they are employed or in a commercial relationship with the organization give them the right to allow a criminal to publish it? Where does an organization’s responsibility lie in terms of protecting its employees from being impacted?”

Kim DeCarlis, chief marking officer at application protection form PerimeterX Inc. noted that data breaches are part of the web attack lifecycle and continue to fuel account takeover and credential-stuffing attacks.

“Therefore, we need to protect the apps that power our daily lives by disrupting the web attack lifecycle,” DeCarlis said. “This includes stopping the theft, validation and fraudulent use of account and identity information everywhere along the digital journey.”

Photo: Huichimai Fang/Wikimedia Commons

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.


Source link