Bad actors used a ransomware attack to target the Israeli offices of the customer engagement and digital intelligence company Verint. On 17 April, ZDNet received a screenshot taken by an employee who works at one of Verint's Israeli offices. The screenshot shows what appears to be a warning message which the data intelligence firm displayed on employees' computers. In it, the company notifies its workers about a ransomware attack.
Critical Ransomware Issue There is currently a critical issue affecting the on premise Email and Green zone VDI [Virtual Desktop Infrastructure] services. If you get a ransomware pop up, please turn off your machine immediately and notify The IT Help Desk. IT is working to contain and address the issue, including working with external resources. We are working to have this addressed as soon as possible and will provide updates as appropriate. For questions or concerns, please contact the IT Service desk at the numbers listed.
Verint confirmed the attack in stories published by Israeli news outlets TheMarker, Calcalist and Globes. A spokesperson for the company went on to explain that the firm's defensive systems "identified the attack immediately after it began and carried out the activity required to thwart it." This account coincides with CTech's reporting, which states that Verint detected the attack in the evening on 17 April at a time when most of the company's executives were at a conference in Italy. The firm detected the attack in its early stages, a spokesperson told CTech, thereby allowing its security teams to respond accordingly. The intelligence organization did not provide additional comments to ZDNet about the attack, though multiple outside sources confirmed the incident to the news outlet and said FireEye's Mandiant incident response team was on the scene. This news comes less than a year after talks fell through between Verint and NSO Group, an Israeli tech firm known for producing spyware. In the late spring of 2018, the two companies began discussing the possibility of Verint merging its security division with NSO Group, which thwarted an insider threat targeting its intellectual property in July. These talks ultimately ended with no deal reached. Organizations should use Verint as an opportunity to prevent a ransomware infection. They should begin by backing up their important files, personalizing their anti-spam settings and exercising caution around suspicious emails. Additional tips can be found here.
