Leading US Video Delivery Provider Confirms Ransomware Attack
SeaChange International, a US-based leading supplier of video delivery software solutions, has confirmed a ransomware attack that disrupted its operations during the first quarter of 2020.
The company is traded on NASDAQ as SEAC and it has locations in Poland and Brazil. Its customer list includes telecommunications companies and satellite operators such as the BBC, Cox, Verizon, AT&T, Vodafone, Direct TV, Liberty Global, and Dish Network Corporation.
SeaChange also says that its Framework Video Delivery Platform currently powers hundreds of on-premise and cloud live TV and video on demand (VOD) platforms with more than 50 million subscribers in over 50 countries.
April ransomware attack now confirmed
BleepingComputer learned of the attack on SeaChange’s servers during April 2020 when a ransomware gang posted screenshots of files they claimed to have stolen from the company’s servers.
Among those screenshots, we found a cover letter with a Pentagon video-on-demand service proposal.
When BleepingComputer reached out to the US Department of Defense (DoD) to ask if they were aware of a SeaChange breach, the DoD declined to comment, saying that it doesn’t share information on potential network intrusions or related investigations.
“In accordance with policy, we will have no information to provide on possible network intrusions or investigations into possible network intrusions in either DOD or contractor networks,” Department of Defense spokesman Lt. Col. Robert Carver told BleepingComputer.
BleepingComputer also reached out to SeaChange multiple times to find out if they were aware of the ransomware group’s claims, but our emails went unanswered.
However, today, SeaChange finally confirmed the ransomware attack in a 10-Q quarterly report filed with the US Securities and Exchange Commission (SEC).
“In the first quarter of fiscal 2021 [sic], we experienced a ransomware attack on our information technology system,” the company reported.
“While such attack did not have a material adverse effect on our business operation, it caused a temporary disruption. A forensic investigation is being conducted to determine if any data was compromised.”
Attack claimed by the REvil ransomware gang
As BleepingComputer previously reported, the SeaChange ransomware attack acknowledged by the company today was claimed at the time by the REvil (aka Sodinokibi) ransomware group.
They created a new victim page for SeaChange, which was used to publish snapshots of documents the REvil operators said were stolen during the attack.
REvil is a ransomware-as-a-service (RaaS) operation known for breaching corporate networks using exposed remote desktop services, exploits, and spam, as well as via hacked Managed Service Providers.
Although details regarding the attack on SeaChange are scarce, cyber threat intelligence firm Bad Packets discovered that the company was using a Pulse Secure VPN server unpatched against the CVE-2019-11510 vulnerability before it got hit by ransomware.
After gaining access to a targeted enterprise’s network, REvil’s operators spread laterally while stealing sensitive data from servers and workstations. The stolen data is then used as leverage to convince the victim to pay the ransom, under the threat of publicly leaking all the stolen info.
They later encrypt all the devices on the company’s compromised network after gaining administrative access to a domain controller.
Brown-Forman is one of REvil’s latest victims, a company that owns the world-known Jack Daniel’s whiskey and Finlandia vodka brands.