The LockBit ransomware operation has threatened to expose data stolen from global IT products and services reseller CDW on Oct. 11 after the company refused to meet the demanded ransom, according to The Register.
"As soon as the timer runs out you will be able to see all the information, the negotiations are over and are no longer in progress. We have refused the ridiculous amount offered," said LockBit spokesperson LockBitSupp.
CDW has not provided any statement regarding the breach, which was first posted on LockBit's blog on Sept. 3, and the U.K. Information Commissioner's Office also said that there has not been any report from the IT reseller.
"LockBit has previously used pressure tactics to force other victims of their attacks in order to speed up ransom negotiations to ultimately pay up and with varying success. There is always a chance, however, that this is a tactic used to force their victims' hands to act quickly yet no real substance be in the original claim," said ESET Global Cybersecurity Advisor Jake Moore.
Milan-based private investigations firm Equalize led by former top cop Carmine Gallo was reportedly behind the years-long hacking campaign, which was facilitated by bribes to police officers, remote access trojan compromise, and the breach of the Italian Interior Ministry computer system's maintenance personnel.
Most of the vulnerable CyberPanel implementations, which could be taken over using the security issue, were in the U.S., followed by Germany, Singapore, Indonesia, and India, according to threat intelligence search engine LeakIX.
Malicious emails delivered by attackers — who sometimes spoofed Microsoft employees or leveraged Microsoft- and Amazon Web Services-related social engineering lures — included Remote Desktop Protocol configuration files as attachments, which when executed established a connection between the targeted devices and the attacker-controlled server.