The Romanian branch of NTT DATA has reportedly been targeted in a significant cyber attack, with the RansomHub ransomware group claiming responsibility.
The hackers allege that they have exfiltrated 230 GB of sensitive data. The attack was first detected on June 14, 2024, and the cybercriminals have set a ransom deadline of July 5, 2024, threatening to publish the stolen data if their demands are not met.
RansomHub’s Note (source)
The RansomHub ransomware group has claimed responsibility for the alleged attack on NTT DATA Romania.
This group is known for a series of high-profile cyberattacks in recent months, including attacks in Italy and on major organizations like Christie’s auction house and United Health.
Meanwhile, the hackers leaked the data on the dark web. The leak seems to include personal and recruitment data, project and business data, backup files, client and financial data, legal documents, COVID files, and various other documents.
🚨 NTT #CyberAttack Update: 🚨
The hacking group RansomHub leaks the data they claim to have exfiltrated from Romanian branch of NTT.
Upon initial analysis, the published leak contains Personal and Recruitment Data, Project and Business Data, Backup Files, Client and Financial… https://t.co/LDQkT0Sga7 pic.twitter.com/y9XzedhS3S
— HackManac (@H4ckManac) July 6, 2024
Official statements
Japan’s NTT Data Group acknowledged on Wednesday that its Romania unit experienced unauthorized access in June.
A spokesperson for the company stated that they are investigating how the breach occurred and whether any information was leaked.
The unauthorized access was detected on an old network that the Romanian unit was no longer using as its main network.
NTT DATA Romania has officially denied that a ransomware attack took place. In a statement to Romania Journal, the company said:
No ransomware attack. While there has certainly been some suspicious activity detected relating to a legacy server, the quick response taken by our security team prevented any further damage.
On 14th June, suspicious activity was detected by our security monitoring team on a legacy server, separate from our corporate network. We immediately activated our Incident Response protocols and rendered the entire environment completely inaccessible and inactive.
Additional measures to mitigate any further risk and protect the data of our customers were also activated. At this time, there is no visibility that client data has been affected.
We are conducting an in-depth investigation into the situation and take the security of our client data very seriously.
NTT Data Romania official statement (Source)
Preventing ransomware attacks
In the case of a ransomware attack, while encrypted data can be recovered via backups, data exfiltration remains a significant threat.
To prevent this type of attack, make sure you have the following cybersecurity measures in place:
- DNS Protection – most data exfiltration occurs through DNS. A reliable DNS protection solution can block communication with suspicious or malicious domains.
- Firewall solutions – a good firewall can help defend against brute force attacks. Advanced firewalls can detect and block malicious traffic, including brute force attempts where attackers try to gain access by systematically guessing passwords.
- Extended Threat Protection – solutions like Heimdal XTP can flag data exfiltration attempts, alerting the systems to data leaks within the company.
The Heimdal XTP engine offers superior protection against next-generation threats by providing detailed analysis of cybersecurity risks and vulnerabilities, categorized by MITRE ATT&CK tactics and techniques.
Using intel from over 1400 sigma rules, it can identify sophisticated threats, providing comprehensive insights such as process trees and attack mechanisms.
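The DNS protection point in the list above concerns data leaving the network inside DNS queries. As an added example (not from the original article and not any vendor's product code), the following Python code flags clients that send many long, high-entropy unique subdomains to a single parent domain, a common sign of data being encoded into query names. The log format, thresholds, IP addresses and domain names are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict

def entropy(s):
    """Shannon entropy in bits per character."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def parse(line):
    """Parse 'client qname qtype' into (client, parent_domain, subdomain_text)."""
    client, qname, _qtype = line.split()
    labels = qname.rstrip(".").lower().split(".")
    # Assumption: parent = last two labels; production code should use the Public Suffix List.
    return client, ".".join(labels[-2:]), "".join(labels[:-2])

def find_dns_exfil(lines, min_unique=20, min_avg_len=30, min_entropy=3.0):
    """Flag (client, parent) pairs sending many long, high-entropy unique subdomains."""
    seen = defaultdict(set)
    for line in lines:
        if line.strip():
            client, parent, sub = parse(line)
            if sub:  # ignore queries for the parent domain itself
                seen[(client, parent)].add(sub)
    findings = []
    for (client, parent), subs in seen.items():
        avg_len = sum(map(len, subs)) / len(subs)
        avg_ent = sum(map(entropy, subs)) / len(subs)
        if len(subs) >= min_unique and avg_len >= min_avg_len and avg_ent >= min_entropy:
            findings.append((client, parent, len(subs), round(avg_len, 1)))
    return findings

def sample_log():
    """Constructed log lines: normal lookups plus one host sending encoded chunks."""
    normal = [f"10.0.0.5 {h}.example.com A" for h in ("www", "mail", "autodiscover", "cdn")] * 10
    chunks = [hashlib.sha256(str(i).encode()).hexdigest()[:40] for i in range(25)]
    tunnel = [f"10.0.0.9 {c}.s1.tunnel-test.example TXT" for c in chunks]
    return normal + tunnel

if __name__ == "__main__":
    for client, parent, n, avg_len in find_dns_exfil(sample_log()):
        print(f"{client} -> {parent}: {n} unique subdomains, avg {avg_len} chars")
```

Thresholds need tuning against a baseline of the network's own resolver logs, since CDNs and some security products also generate long machine-made hostnames.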