Caleb Boma | December 28th, 2020

The home appliance company, Whirlpool, confirmed a ransomware attack and explained they will be slowly bringing back systems until all are restored. With a whopping $20 billion in yearly revenue, Whirlpool offers a potentially hefty financial gain for threat actors. Data such as employee benefits, accommodation requests, medical information, and background checks was lifted from the company.

Most threat groups are primarily motivated by financial profit, and lately larger corporations are being targeted for that reason.

The ransomware group responsible for this incident is Nefilim. Nefilim is not necessarily the most active group, but it has been seen using a method popular among ransomware groups: double extortion. The worrying aspect of having your data published publicly is how harmful it is to your brand’s reputation. Not only can your operations be halted, but exfiltrated data makes the issue more complex.

Before double extortion came into regular use, data was encrypted but not always stolen and published. Threat actors realized that organizations had more incentive to pay ransoms when the data was posted on dark web forums in addition to being encrypted.

Nefilim’s ransom note contains a warning: “If you do not contact us we will start leaking data periodically in parts.” The evidence shows they’ve begun to leak data, with company files titled “Whirlpool Corporation. Part 1.”, implying that more data has yet to be published.

One of our recommendations for preparing for a cyberattack is having secure backups of all of your data. Why do you need to do this? Well, let’s analyze more of Nefilim’s ransom note. “If you don’t have extensive backups, the only way to retrieve your data is with our software.” This proves our point with precision. Having trusted backups will be an impactful counter to a threat actor who thinks they have leverage by holding your data. Take the time to make sure your organization has done everything it can to be secure, including utilizing a trusted cybersecurity firm.

As threat actors develop their attack techniques, it’s vital to keep protections and policies up to date. What will you do when you are faced with a cyberattack and you’re not prepared? This is a question that should be posed to boards and executives continually, until the risks of ransomware are realized and action is taken to address them with firms like SpearTip and tools like ShadowSpear®.

The human element in security is a necessity, considering tools can’t guarantee the complete safety of your networks and environments. Our internally developed Endpoint Detection and Response (EDR) tool, ShadowSpear®, works hand-in-hand with our highly technical, certified engineers by stopping potential threats while also providing partners with a completely transparent view of their risk profile.