Automatic teller machine maker and payment technology company Diebold Nixdorf Inc. has suffered a ransomware attack that disrupted some operations.
First reported today by security researcher Brian Krebs, the ransomware attack struck the company April 25 and affected services for more than 100 of the company’s customers. Diebold Nixdorf is the largest ATM provider in the United States and holds an estimated 35% of the global cash machine market.
The company said the attack did not affect its ATMs, customer networks or the general public but did disrupt a system that automates field service technician requests.
An investigation into the attack found that those behind it had deployed ProLock ransomware, a form of ransomware previously known as PwndLocker until it rebranded itself in March after fixing a bug that allowed a free decryptor to be created. The ransomware encrypts files on a victim’s machine while adding .proLock to the file name.
Those infected are then asked to pay a ransom for a decryption key. The ransomware is distributed via malicious BMP files. The distribution path for the ransomware is not known.
Diebold Nixdorf said it did not pay the ransom but declined to discuss the amount requested. Previous ProLock and PwndLocker ransomware attacks have typically involved demands for payment in the six-figure range.
“This serves as a lesson that ransomware can impact organizations regardless of their size and technical stature,” Erich Kron, security awareness advocate at security awareness training company KnowBe4 Inc., told SiliconANGLE. “In this case, Diebold was fortunate enough to have segmented their network, limiting the damage to the corporate network and sparing the other critical network systems and impact to customers.”
Kron added that ransomware hasn’t taken a break during the pandemic. “For this reason, organizations need to ensure they are prepared for attacks such as this by training users to spot and report phishing attacks, the most common way ransomware spreads and be ready with good endpoint protection and backups to help in the event the attack is successful,” he advised.