Caleb Boma | December 28th, 2020


The home appliance company, Whirlpool, confirmed a ransomware attack and explained they will be slowly bringing back systems until all are restored. With a whopping $20 billion in yearly revenue, Whirlpool offers a potentially hefty financial gain for threat actors. Data such as employee benefits, accommodation requests, medical information, and background checks were lifted from Whirlpool. Most threat groups’ primary motives are usually tied to financial profit and lately, larger corporations are being targeted due to this.

Details of Ransomware Attack On Whirlpool

The ransomware group responsible for this incident is Nefilim. Nefilim is not necessarily the most active group but has been studied implementing a popular method among them: double extortion. The worrying aspect of having your data published publicly is how harmful it is to your brand’s reputation. Not only can your operations be halted, but data being exfiltrated makes for a more complex issue.

Before double extortion was being used on a regular basis, data was being encrypted, but not always stolen and published. Threat actors realized the incentive for organizations to pay ransoms increased when the data was posted on dark web forums, in addition to being encrypted.

Nefilim’s ransom note contains warnings, “If you do not contact us we will start leaking data periodically in parts.” The evidence shows they’ve begun to leak data with company files titled, “Whirlpool Corporation. Part 1.,” implying more data has yet to be published.

One of our recommendations for preparing for a cyberattack is to have secure backups of all of your data. Why do you need to do this? Well, let’s analyze more of Nefilim’s ransom note. “If you don’t have extensive backups, the only way to retrieve your data is with our software.” This proves our point with precision. Having trusted backups will be an impactful counter to a threat actor who thinks they have leverage by holding your data. Take the time to make sure your organization has done everything it can to be secure, including utilizing a trusted cybersecurity firm.

As threat actors develop their attack techniques, it’s extremely vital to keep up with protection and policies. What will you do when you are faced with a cyberattack and you’re not prepared? This is a question which should be posed to boards and executives continually, until the risks of ransomware are realized, and actions are made to improve them with firms, like SpearTip, and tools, like ShadowSpear®.

The human element in security is a necessity, considering tools can’t guarantee the complete safety of your networks and environments. Our internally developed Endpoint Detection and Response (EDR) tool, ShadowSpear®, works hand-in-hand with our highly technical, certified engineers by stopping potential threats while also providing partners with a completely transparent view of their risk profile.


Connect With Us

Featured Articles

Security Awareness Training
Security Awareness Training Crucial Role
22 May 2024
Phishing Campaign Assessments
Phishing Campaign Assessments Can Be Effective For Companies
20 May 2024
Incident Response Planning
Incident Response Planning: Why It's Important
17 May 2024
Ransomware Experiments
Ransomware Experiments on Developing Countries
15 May 2024

See ShadowSpear in Action

Identify, neutralize, and counter cyberattacks - provide confidence in your security posture

Stay Connected With SpearTip

Inside the SOC Newsletter

View our articles that cover trending topics in cybersecurity with insights from our 24/7/365 Security Operations Center.

ShadowSpear Platform

Cybersecurity actors are working around the clock, shouldn’t your security team be too? Technology solutions and security controls fail for a number of reasons, poor deployment, improper implementation, or just no one monitoring the alerts.

ShadowSpear Demo

Experience ShadowSpear for yourself. Our lightweight, integrated solution will help you sleep easier at night and provide immediate confidence in your security posture.