Tomcat
Professional
- Messages
- 2,687
- Reaction score
- 1,038
- Points
- 113
Cybercriminals attacked INA Group, Croatia's largest oil company. During the cyberattack, the cybercriminals allegedly used ransomware CLOP, which encrypted the data of some of the company's internal servers, ZDNet reported.
This incident did not affect the supply of gasoline to customers and did not affect the performance of the company's payment systems. However, as a result of the attack, the company was unable to issue invoices, record the use of loyalty cards, issue new mobile vouchers and new electronic vignettes, and accept payments for fuel from customers.
Although INA Group did not disclose details of what malware was used in the attacks, it is believed to be CLOP ransomware. Several factors point to the involvement of the ransomware. In particular, a few hours before INA Group issued a statement about the incident, an analyst from Sophos announced the start of activity on a new C&C server used in CLOP cyberattacks. In addition, this week security researchers discovered new versions of the CLOP ransomware on the VirusTotal service.
Recall this week SecurityLab wrote about cyber attacks is, in the US operator of the gas pipeline, which resulted in its computer networks have been infected extortionate software. The cybercriminals used the phishing link to gain initial access to the organization's information networks and then targeted the Operational Technology (OT) network.
This incident did not affect the supply of gasoline to customers and did not affect the performance of the company's payment systems. However, as a result of the attack, the company was unable to issue invoices, record the use of loyalty cards, issue new mobile vouchers and new electronic vignettes, and accept payments for fuel from customers.
Although INA Group did not disclose details of what malware was used in the attacks, it is believed to be CLOP ransomware. Several factors point to the involvement of the ransomware. In particular, a few hours before INA Group issued a statement about the incident, an analyst from Sophos announced the start of activity on a new C&C server used in CLOP cyberattacks. In addition, this week security researchers discovered new versions of the CLOP ransomware on the VirusTotal service.
Recall this week SecurityLab wrote about cyber attacks is, in the US operator of the gas pipeline, which resulted in its computer networks have been infected extortionate software. The cybercriminals used the phishing link to gain initial access to the organization's information networks and then targeted the Operational Technology (OT) network.
