Contents:
On July 7th, Swiss online consumer outlet Comparis has filed a criminal complaint over a ransomware attack that blocked some of its information technology systems. The attackers demanded $400,000 (CHF370,000) in cryptocurrency to put the website back in operation.
Comparis is the leading comparison platform in Switzerland. The company compares the prices and products of health insurers, insurance companies, banks, and telecom providers and offers the largest Swiss online marketplace for cars and property. With over 80 million visits each year, Comparis ranks among the most widely used websites in Switzerland.
The company released a statement on Friday declaring:
As far as we know, most databases do not seem to be affected by the incident. Unfortunately, first detailed analyses suggest that the perpetrators had access to certain customer-relevant data of sister company Credaris, whose systems are partly operated in the same server environment.
Credaris is an independent credit service provider that offers safe and easy access to loans.
According to Comparis representatives, the company’s website, which allows consumers to compare prices for goods and services, is working normally again, but access via e-mail and customer hotline may still be limited as they’re working with cybersecurity specialists on a complete recovery.
The identity or location of the threat actor is still unknown and the ransom demand took the form of a URL implanted in a secure area of the IT system.
Heimdal™ Ransomware Encryption Protection
- Blocks any unauthorized encryption attempts;
- Detects ransomware regardless of signature;
- Universal compatibility with any cybersecurity solution;
- Full audit trail with stunning graphics;
A Growing List of Ransomware Attacks
High-profile cases have also been making headlines. Recently, thousands of companies worldwide, including Swedish supermarket chain Coop, were paralyzed by a recent attack on United States IT services provider Kaseya.
REvil ransomware, a prolific, Russia-linked cybercrime gang, took credit for the breach. The REvil affiliate responsible for this attack decided to forgo the standard tactics and procedure and used a zero-day vulnerability in on-premise Kaseya’s VSA servers to perform a massive and widespread attack without actually accessing a victim’s network. This tactic can be considered successful as it led to the most significant ransomware attack in history. The data of 60 customers, plus around 1,500 downstream businesses have been impacted by the attack.
Comparis did not comment on whether the two incidents were somehow linked.
So far, the company did not pay a ransom to regain functionality, according to a spokesperson.