Electronic appliances giant Whirlpool recently suffered a Nefilim ransomware attack in which hackers accessed and stole a large number of internal company documents, encrypted a number of devices, and published some of the stolen documents online to force the company to negotiate.
The Nefilim ransomware attack reportedly took place in early December, with hackers infiltrating Whirlpool’s IT systems, exfiltrating vast amounts of employee-related documents, and contacting the company to inform it of the breach and present a ransom demand, the amount of which is not yet known.
While no hacker group has so far claimed responsibility for the attack, hackers behind the ransomware attack on Whirlpool have reportedly published a few company documents online, possibly to force the company to pay up.
“This leak comes after long negotiations and unwillingness of executives of Whirlpool Corporation to uphold the interests of their stakeholders. Whirlpool’s cybersecurity is very fragile, which allowed us to breach their network for the second time after they stopped the negotiations,” the hackers said.
For its part, Whirlpool said it has restored all the affected IT systems and that no customer data was impacted, indicating that the company has little incentive to negotiate with the hackers.
“We live in a time when illegal cyber crimes are all too prevalent across every industry. Data privacy is a top priority at Whirlpool Corporation and we invest in the technology and processes to help protect our people, our data and our operations.
“Last month Whirlpool Corporation discovered ransomware in our environment. The malware was detected and contained quickly. We are unaware of any consumer information that was exposed. There is no operational impact at this time,” the company told BleepingComputer.
Information leaked online by the hackers includes employees’ accommodation requests, medical information requests, background checks, employee benefits, etc., indicating that the hackers may have breached particular Whirlpool servers that stored employee records and documents related to employee welfare.
Whirlpool is yet to comment on how much data was accessed by hackers or how many employees were impacted. However, the company told Fox23 on Monday that the attack did not affect any of the 1,600 workers employed at its manufacturing plant in Tulsa, Arizona.
Operators of the Nefilim ransomware previously targeted Luxottica, one of the world’s largest sellers of eyewear products and the owner of well-known eyewear brands such as Ray-Ban, Oakley, Vogue Eyewear, Persol, Oliver Peoples, Arnette, Costa del Mar, and Alain Mikli, as well as licensed brands such as Giorgio Armani, Burberry, Bulgari, Chanel, Coach, Dolce&Gabbana, Ferrari, Michael Kors, Prada, Ralph Lauren, Tiffany & Co., Valentino, and Versace.
According to security researchers, the hackers behind that ransomware attack took advantage of the fact that Luxottica used Citrix ADC controller devices that had a vulnerability allowing unauthorised actors to infiltrate corporate IT networks and steal credentials.