Details of the incident hint that the company was the victim of a standard double-extortion ransomware incident, where the attackers stole the files, encrypted their systems, and threatened Empress EMS with the publishing of data unless a ransom is paid.
Empress EMS did not give any information about the group that carried out the attack. BleepingComputer claims that the Hive ransomware gang was actually responsible for the attack. For the stolen data, the gang had created a private entry, which was later taken down from the website.
Additional proof that Hive was responsible for the cyberattack has been made public by DataBreaches.net. The source revealed an email sent to Empress EMS by the attackers in which they revealed their involvement in the attack and the information they were able to gather. Hive was able to access about 280 GB of data, including SQL databases with reports, company data, customers data, and other information.
Investigations Are Being Made
The incident was reported to law enforcement and Empress EMS took measures to contain it.
We strengthened the security of our systems and will continue enhancing our protocols to further safeguard the information in our care.
American consumer rights law firm Cole & Van Note declared that they are looking into the situation to determine whether there is a basis for legal action or financial compensation on behalf of the affected parties.
Cristian is a Content Editor & Creator at Heimdal®, where he developed a deep understanding of the digital threat landscape. His style resonates with both technical and non-technical readers, proof being in his skill of communicating cybersecurity norms effectively, in an easy-to-understand manner.