Headphone and speaker maker Bose discloses ransomware attack | The Record by Recorded Future
Audio equipment manufacturer Bose said it was the victim of a ransomware attack that took place earlier this year, on March 7.
The attack hit the company’s US-based systems and was detected on the same day it occurred, but not before hackers deployed the ransomware across the company’s internal network.
Bose, which is primarily known for its headphones and speaker equipment, said it “carefully, and methodically, worked with its cyber experts to bring its systems back online in a safe manner.”
In a carefully worded data breach notification letter [PDF] filed with US officials, the company did not say if it paid hackers to regain control over its network.
A Bose spokesperson was not available for comments.
The company also said that following a months-long investigation into the intrusion, it also discovered that the ransomware gang also accessed internal files from its human resources department.
The files stored data about the company’s employees, the company said last week. This included employee names, Social Security numbers, and compensation-related information.
“The forensics evidence at our disposal demonstrates that the threat actor interacted with a limited set of folders within these files,” the company said.
However, the company added that while it has evidence to confirm that the hackers accessed these files, it is unable to determine if the files were stolen or not.
As a result, the company has now engaged a law firm to notify all affected current or former employees and offer them 12 months of free identity protection services.
The company also said it boosted internal security procedures and taken the following actions:
Enhanced malware/ransomware protection on endpoints and servers to further enhance our protection against future malware/ransomware attacks.
Performed detailed forensics analysis on impacted servers to analyze the impact of the malware/ransomware.
Blocked the malicious files used during the attack on endpoints to prevent further spread of the malware or data exfiltration attempt.
Enhanced monitoring and logging to identify any future actions by the threat actor or similar types of attacks.
Blocked newly identified malicious sites and IPs linked to this threat actor on external firewalls to prevent potential exfiltration.
Changed passwords for all end-users and privileged users.
Changed access keys for all service accounts.
At the time of writing, no major ransomware gang has taken credit for the Bose ransomware attack.
The attack hit the company’s US-based systems and was detected on the same day it occurred, but not before hackers deployed the ransomware across the company’s internal network.
Bose, which is primarily known for its headphones and speaker equipment, said it “carefully, and methodically, worked with its cyber experts to bring its systems back online in a safe manner.”
In a carefully worded data breach notification letter [PDF] filed with US officials, the company did not say if it paid hackers to regain control over its network.
A Bose spokesperson was not available for comments.
The company also said that following a months-long investigation into the intrusion, it also discovered that the ransomware gang also accessed internal files from its human resources department.
The files stored data about the company’s employees, the company said last week. This included employee names, Social Security numbers, and compensation-related information.
“The forensics evidence at our disposal demonstrates that the threat actor interacted with a limited set of folders within these files,” the company said.
However, the company added that while it has evidence to confirm that the hackers accessed these files, it is unable to determine if the files were stolen or not.
As a result, the company has now engaged a law firm to notify all affected current or former employees and offer them 12 months of free identity protection services.
The company also said it boosted internal security procedures and taken the following actions:
Enhanced malware/ransomware protection on endpoints and servers to further enhance our protection against future malware/ransomware attacks.
Performed detailed forensics analysis on impacted servers to analyze the impact of the malware/ransomware.
Blocked the malicious files used during the attack on endpoints to prevent further spread of the malware or data exfiltration attempt.
Enhanced monitoring and logging to identify any future actions by the threat actor or similar types of attacks.
Blocked newly identified malicious sites and IPs linked to this threat actor on external firewalls to prevent potential exfiltration.
Changed passwords for all end-users and privileged users.
Changed access keys for all service accounts.
At the time of writing, no major ransomware gang has taken credit for the Bose ransomware attack.