
Re: None

Tuesday, 04/30/2019 5:28:49 PM

Post# of 248841
Hackers Steal and Ransom Financial Data Related to Some of the World’s Largest Companies

https://motherboard.vice.com/en_us/article/d3np4y/hackers-steal-ransom-citycomp-airbus-volkswagen-oracle-valuable-companies

The data was stolen from Citycomp, which provides internet infrastructure for dozens of companies including Oracle, Airbus, Toshiba, and Volkswagen.

Hackers have broken into an internet infrastructure firm that provides services to dozens of the world’s largest and most valuable companies, including Oracle, Volkswagen, Airbus, and many more as part of an extortion attempt, Motherboard has learned. The attackers have also released data from all of those companies, according to a website seemingly set up by the hackers to distribute the stolen material.

Citycomp, the impacted Germany-based firm, provides servers, storage, and other computer equipment to large companies, according to the company’s website. Michael Bartsch, executive director of Deutor Cyber Security Solutions, a firm Citycomp said was authorized to speak about the case, confirmed the breach to Motherboard in an email Tuesday.

“Citycomp has been hacked and blackmailed and the attack is ongoing,” Bartsch wrote. “We have to be careful as the whole case is under police investigation and the attacker is trying all tricks.”

On a website apparently created to distribute Citycomp client data, the hackers claim they are in possession of “312,570 files in 51,025 folders, over 516GBb data financial and private information on all clients.” Some of the clients include Ericsson, Leica, Toshiba, UniCredit, British Telecom, Hugo Boss, NH Hotel Group, Oracle, Airbus, Porsche, and Volkswagen, according to a list of the victims on the website.

It appears the data may relate to German offices of those companies. Several entities in the victim list have the “GmbH” title, the German term for a limited liability company. Two supermarkets popular in Germany, REWE and Kaufland, are also included.

“We have informed and warned all concerned clients,” Bartsch said.

“There was full transparency about the attack and theft as well as public release of the data with our clients from the very beginning. The support is unanimous,” he added.

Before Bartsch’s confirmation, Motherboard contacted multiple Citycomp clients on Monday, including British Telecom, Oracle, Airbus, Porsche, and Ericsson. None responded to a request for comment.

The files are publicly available for download on the data site. Some victims only have one, two or three files listed, while others have hundreds.

The post said that the files would be released on April 31st, 2019 (there are only 30 days in April).

Increasingly, hackers have threatened to release or simply dump data belonging to a victim in order to pressure them into paying a ransom. Bartsch said the company has not given in to such a demand, though.

“We did not yield to the extortion demands and our analysts are conducting a profound technical and forensic analysis on the attack,” he wrote.

On the data website, the hackers included an email address to contact them. That email is also the contact address for at least one previous ransomware campaign. The hackers did not immediately respond to a request for comment.

Update: This piece has been updated to include that the attackers' email address is also linked to a ransomware campaign. It has also been updated to say that the files are now available for download.
==================================================================
Only allowing known devices on sensitive networks would help prevent instances like in the article above!! Wave has this protection, but it is not being used by a LOT of organizations and it should be!! The link and excerpts below simply explain Wave ERAS, and the enormous benefits of only allowing known devices on sensitive networks are obvious!!!
==================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management

Secure device & user authentication

Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.

Here’s how it works:

Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication

Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.

Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.

With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.












