Bose is the latest in an unending parade of major companies to disclose that they've been the victim of a ransomware attack.
In the company's breach notification letter, they indicated that they first detected the incursion on March 7th, 2021, with the attack itself having occurred on April 29th.
Additionally, as is quite common in these cases, the company indicated that they immediately began working with both law enforcement and a third-party cyber security agency to continue the investigation. According to the official notification, Bose did not pay the demanded ransom, and was able to restore their corporate network to full functionality with minimal disruption to the company's business operations.
In terms of scope and scale, the company identified a small number of individuals whose data was impacted and notified everyone who was affected by mail. Based on the forensic analysis, the company determined that the files accessed by the hackers contained personal information related to an unspecified number of current and former employees, including names, social security numbers, salary, and other HR-related information.
In the aftermath of the attack, Bose took the following steps to further bolster their security:
- Enhanced malware/ransomware protection on endpoints and servers to further enhance our protection against future malware/ransomware attacks.
- Performed detailed forensics analysis on impacted server to analyze the impact of the malware/ransomware.
- Blocked the malicious files used during the attack on endpoints to prevent further spread of the malware or data exfiltration attempt.
- Enhanced monitoring and logging to identify any future actions by the threat actor or similar types of attacks.
- Blocked newly identified malicious sites and IPs linked to this threat actor on external firewalls to prevent potential exfiltration.
- Changed passwords for all end-users and privileged users.
- And changed access keys for all service accounts.
The bottom line is, although unfortunate, the company's handling of the incident has been commendable. We just hope that the day comes when there won't be quite so many stories like this one.