UL, which you may know better as Underwriters Laboratories, has overcome countless obstacles in its 127-year run as the world’s leading safety testing authority. Now they’re facing down a true 21st century menace: ransomware.
As reported by Bleeping Computer’s Lawrence Abrams, UL detected suspicious activity on its network last weekend. At-risk systems were shut down as soon as possible to prevent the ransomware from spreading further.
That resulted in an interruption to certain services offered by UL, including the myUL client portal. As of the time of writing, the portal displays an outage notification and advises users to call or email UL for assistance.
A statement provided by UL notes that the breach was detected on February 13. A “leading cybersecurity firm” has been brought in to assist UL with its investigation of the incident and law enforcement officials have been notified.
UL Doesn’t Intend To Pay Ransom
At this point it appears that UL wants nothing to do with its ransomers. Staff have been told not to respond to the hackers’ attempts to make contact. UL does not plan to pay the ransom and instead will restore any lost data from backups.
That’s what the FBI advises all ransomware victims to do. There are numerous potential pitfalls for those who do pay.
Even if victims do pay the ransom there’s no guarantee that their attackers will follow through with the promise to restore data — these are criminals, after all.
There’s also the possibility that the hackers will do what they say but the ransomware’s decryption routine won’t work as hoped. If that happens, a victim’s files will be permanently destroyed.
Why Do Some Victims Pay?
There are a handful of reasons ransomware victims pay to recover their data. One of the most common is not having a secure, current set of data backups. Another is that the cost of extended outages can dwarf the actual ransom amount.
More recently, ransomware gangs have turned to so-called “double extortion” techniques. The attackers steal as much sensitive data as they can prior to encrypting a victim’s systems. They then threaten to release that data if the victim doesn’t pay.
It’s also becoming more common for C-level executives to be directly targeted, and it’s easy enough to understand why. If the threat of releasing sensitive corporate data doesn’t work, threatening to release emails or documents that may be damaging to high-level decision makers just might.
UL Incident Is Far From Over
The company is remaining tight-lipped as the investigation ramps up. In its statement to Bleeping Computer, UL said, “Until we learn more from our investigation, we cannot speculate as to the type of information that may be potentially impacted. If we determine that data is impacted, we will take appropriate actions.”
Ransomware investigations and data restoration can take a very long time. It could be days or even weeks before operations are truly back to normal at UL.