Möbelhaus Sommerlad in Gießen is blackmailed
Möbelhaus Sommerlad in Gießen is blackmailed
Marc Schäferby Marc Schäfer
The "furniture city" Sommerlad in Gießen is blackmailed. A corresponding letter has been received. The investigation is ongoing.
Giessen - "We got away with it with a black eye," says Frank Sommerlad, managing director of the R. Sommerlad GmbH & Co. KG furniture store. "We will have to replace up to 400 hard drives on our computers, but we can open again on Friday in the Schiffenberger Tal."
On the night of April 30th, the furniture store was attacked by professional hackers with a so-called ransomware attack. Despite the existing protection of the IT, all of the company's servers were encrypted and backups deleted, the Möbelstadt writes in an email to its customers. "Money should be extorted from us for access to our data," reports Frank Sommerlad. Since the company had taken appropriate precautions in this area, it was possible to restore a large part of the data from the daily and spatially distributed backups. Therefore, Sommerlad did not have to go into the blackmail. Frank Sommerlad was unable to provide any information on the amount required, as the files with the extortion letter were not opened on the advice of experts consulted.
Sommerlad in Gießen: No ransom payment
According to Sommerlad, the attack was attributable to the hacker group "Darkside, Inc.". This group is known for its highly professional attacks, in which companies are spied on in advance for weeks and months in order to then encrypt both servers and backups. This group of hackers is also currently assigned responsibility for the attack on the largest pipeline in the United States. Sommerlad also assumes that the furniture city had been monitored by the hackers several days before the actual attack.
Immediately after the attack was discovered, a specialist company specializing in IT forensics was commissioned to investigate the attack. The experts tried to retrace the tracks. “You're at 50 percent. It's not quite clear yet, ”says Sommerlad. In addition, the state commissioner for data protection was informed and a complaint was made to the central contact point for cybercrime at the police. In order to be able to prevent attacks of this kind even better in the future, a number of measures are currently being taken. These include, among other things, the connection to an independent, external security operations center and the introduction of a more comprehensive policy for handling access data, external data carriers and rules of conduct for handling e-mail links and attachments. "We are now building our protective wall a few meters higher, but professional hackers will somehow be able to overcome this wall too," says Sommerlad. "I can therefore only advise company owners to sensitize them to the handling of passwords, to save data in an external data center and to set up a second server structure, into which one can move in with clean data at any time."
Sommerlad in Gießen: Customer data leaked?
According to Sommerlad, it is currently not yet possible to determine with "final certainty" whether - and if so to what extent - data has flown. "As we do not yet know at the moment whether data has leaked, we would like to encourage all customers to change their passwords, especially if these passwords were used identically by other providers," advises Sommerlad. However, the attack from the system could not spread to customers.
A few days ago it became known that the company tegut had also been the victim of a hacker attack. “If you want to get something good from Corona, it is that we were not running at full load at the time of the attack because of the lockdown. That would definitely have increased the damage, «says Sommerlad, who is happy that the process led to short-term restrictions in work, but business operations in sales are largely guaranteed again despite these restrictions. Across Germany, 15 people had worked almost day and night since the attack to limit the effects and to find the perpetrators.
Marc Schäferby Marc Schäfer
The "furniture city" Sommerlad in Gießen is blackmailed. A corresponding letter has been received. The investigation is ongoing.
Giessen - "We got away with it with a black eye," says Frank Sommerlad, managing director of the R. Sommerlad GmbH & Co. KG furniture store. "We will have to replace up to 400 hard drives on our computers, but we can open again on Friday in the Schiffenberger Tal."
On the night of April 30th, the furniture store was attacked by professional hackers with a so-called ransomware attack. Despite the existing protection of the IT, all of the company's servers were encrypted and backups deleted, the Möbelstadt writes in an email to its customers. "Money should be extorted from us for access to our data," reports Frank Sommerlad. Since the company had taken appropriate precautions in this area, it was possible to restore a large part of the data from the daily and spatially distributed backups. Therefore, Sommerlad did not have to go into the blackmail. Frank Sommerlad was unable to provide any information on the amount required, as the files with the extortion letter were not opened on the advice of experts consulted.
Sommerlad in Gießen: No ransom payment
According to Sommerlad, the attack was attributable to the hacker group "Darkside, Inc.". This group is known for its highly professional attacks, in which companies are spied on in advance for weeks and months in order to then encrypt both servers and backups. This group of hackers is also currently assigned responsibility for the attack on the largest pipeline in the United States. Sommerlad also assumes that the furniture city had been monitored by the hackers several days before the actual attack.
Immediately after the attack was discovered, a specialist company specializing in IT forensics was commissioned to investigate the attack. The experts tried to retrace the tracks. “You're at 50 percent. It's not quite clear yet, ”says Sommerlad. In addition, the state commissioner for data protection was informed and a complaint was made to the central contact point for cybercrime at the police. In order to be able to prevent attacks of this kind even better in the future, a number of measures are currently being taken. These include, among other things, the connection to an independent, external security operations center and the introduction of a more comprehensive policy for handling access data, external data carriers and rules of conduct for handling e-mail links and attachments. "We are now building our protective wall a few meters higher, but professional hackers will somehow be able to overcome this wall too," says Sommerlad. "I can therefore only advise company owners to sensitize them to the handling of passwords, to save data in an external data center and to set up a second server structure, into which one can move in with clean data at any time."
Sommerlad in Gießen: Customer data leaked?
According to Sommerlad, it is currently not yet possible to determine with "final certainty" whether - and if so to what extent - data has flown. "As we do not yet know at the moment whether data has leaked, we would like to encourage all customers to change their passwords, especially if these passwords were used identically by other providers," advises Sommerlad. However, the attack from the system could not spread to customers.
A few days ago it became known that the company tegut had also been the victim of a hacker attack. “If you want to get something good from Corona, it is that we were not running at full load at the time of the attack because of the lockdown. That would definitely have increased the damage, «says Sommerlad, who is happy that the process led to short-term restrictions in work, but business operations in sales are largely guaranteed again despite these restrictions. Across Germany, 15 people had worked almost day and night since the attack to limit the effects and to find the perpetrators.
