ATM and Payment Tech Provider Hit by ProLock Ransomware
ATM provider Diebold Nixdorf suffered a ransomware attack that began in April. Attackers used ProLock ransomware. Field service support to about 100 customers were impacted by while the attack was mitigated. No ATMS or customer networks were affected reports KrebsOnSecurity.
ProLock ransomware is a data encrypting Trojan. The Trojan is typically targeted at businesses. It locks files on an infected computer and demands a ransom to release control. Money demanded for ransomware can be extraordinarily high causing companies to look to insurers to pay.
“Unfortunately, cybercrime is an ongoing challenge for all companies,”says Diebold Nixdorf in a statement to KrebsOnSecurity.
According to a cyber security firm Krebs on Security, the attack was discovered on April 25. Hackers user ProLock ransomware. After suspicious behavior on corporate network was discovered, systems were disconnected to contain the attack.
In 2019, hundreds school districts, universities, and governmental organizations were attacked by ransomware. Many opted to pay to release their files.
PwndLocker / ProLock Ransomware
PwndLocker ransomware was rebranded as ProLock. It changes the file extension of infected files to “.ProLock.” ProLock can infect including documents, images, and videos.
After infection, ProLock leaves a note on the infected computer with instructions on how to pay so the files can be decrypted. Typically, malware ransom is payable in Bitcoin. Initially cyber security researchers developed a tool to decrypt PwndLocker files. But the hackers patched the flaw, so free decryption tools no longer work.
Diebold Nixdorf did not divulge how much the hackers demanded as ransom. They did however, state that they did not pay. Antivirus software is available to decrypt ransomware.
On March 17, 2020 PeterM, a cyber security researcher at Sophos, tweeted that ProLock is active in the wild. It can be deployed using BMP image files.
How to Protect Against Ransomware
Ransomware attacks can often be prevented by using antivirus software to protect computers and phones. Device users can also learn to recognize the signed of malicious emails, websites, and links. Sometimes malware is bundled with other legitimate software and an antivirus app combined with training is the best defense.
• Back up files on a regular schedule. That way, if a device is locked up by ransomware attack you won’t be inclined to pay the fee
• Keep devices and software updated with the latest security patches. Many malware attacks exploit vulnerabilities that have already been patched by hardware manufactures and software developers. The global 2017 WannaCry malware attack infected and took over hundreds of thousands of Windows computers. They flaw that WannaCry exploited had been patched months earlier by Microsoft.
• Learn how to recognize phishing emails, suspicious links, scams, and other common met hinds used to deploy malware camp sings
A statement from Diebold Nixdorf to KrebsOnSecurity. “Our leadership has connected personally with customers to make them aware of the situation and how we addressed it.”
What is Diebold Nixdorf?
Diebold Nixdorf [NYSE: DBD] provides automatic teller machines (ATMs), point-of-sale systems, and payment software to banks and retailers. The company is based in Canton, Ohio.