Capital Region moving and storage company hit with suspected ransomware attack


POUGHKEEPSIE – A prominent Capital Region moving company appears to have been hacked by the same Russian-speaking gang that two weeks ago temporarily crippled one of the nation’s largest meat-packing companies, sparking fears of shortages until its computer systems were back online.

“It’s all still being investigated. It certainly seems that way,” Dan Arnoff, vice president of Arnoff Moving & Storage, said of the apparent ransomware attack his business was hit by earlier this month.

“Hi there! Our guys hacked ARNOFF moving and storage,” reads the message on a blog about ransomware attacks. The hackers, who are seeking an unspecified ransom to give back the data they say they stole, claim to be the REvil group, which attacked computers of the Brazil-based JBS meatpacking conglomerate.

JBS, with plants in the U.S., supplies about 20 percent of the meat consumed in the United States.

It’s not known if JBS paid a ransom to REvil to regain control of its computer systems.


News about the Arnoff hack has been posted on at least one dark web site. Such sites are difficult to find and often traffic in illicit activities. Brett Callow, a threat analyst with the Emsisoft anti-malware company, said the Arnoff hackers claimed they were with REvil.

The posting included an image of a $634.48 payment for a customer’s use of a 20-foot container. It also had a subcontractor’s tax identification form, or W-9, and a note saying that “all data” will be sold next week.

Hackers or ransomware thieves are known to auction off stolen credit card information on secret dark web sites. They also use cryptocurrency, which often can’t be tracked, for payments.

“We started to become aware of some systems issues on Thursday of last week,” Arnoff said, explaining that the company website was down for a while.

After restarting the website, moving company officials found text files directing them to a website telling them how to get their data back. Arnoff said there is no current indication that any data was released to the public.

Arnoff said he has notified the FBI and the Dutchess County sheriff’s office, since that’s where the business’ web servers are based.

The company has offices in Poughkeepsie and Malta.

He stressed that he doesn’t know how much data was taken and that he’s been working to notify people who have paid with credit cards lately that their information may have been compromised.

“Our main priority is keeping our customers and employees protected,” he said.

Arnoff added the business’ insurance company, Travelers, is handling most dealings with the hackers.

Web security experts say that ransomware and other such attacks are more common than many people realize. They have drawn attention in recent weeks with the JBS attack and the attack by a group calling itself the DarkSide network against the Colonial oil pipeline in May.

That ransomware attack temporarily halted the flow of oil to major East Coast cities like Washington, D.C., leading to gas shortages and lines at service stations.

Federal officials say they have since recovered approximately $2.3 million, or much of the ransom in that case, which was paid in Bitcoin cryptocurrency.

rkarlin@timesunion.com • 518-454-5758  •  @RickKarlinTU


