Two weeks after suffering a cyberattack, Indigo Books & Music has admitted it was hit by ransomware and employees’ data was compromised.
“On February 8, 2023, IndiGo experienced a ransomware attack,” the company said in an updated FAQ on its website. “Through our investigation we have learned there is no reason customer data was improperly accessed, but that some employee data was.”
“We are notifying all affected employees,” the site says. “We have also notified and are cooperating with law enforcement.
“Since this incident, we have been working with third-party experts to strengthen our cyber security practices, enhance data protection measures, and review our existing controls.”
According to a threat researcher at a cyber security company, no ransomware group has yet claimed responsibility for the attack.
Also today, the company said it has been able to restore online sales of books — but not other items it sells.
“Books are back,” trumpets Indigo on its website, adding that thousands of titles are available. However, shoppers can only browse lifestyle products. They will have to be bought from stores across the country.
Indigo is still in the process of improvement. The website says it is a “temporary online home”, suggesting that a new website is being built.
According to a report released today by Fortinet Looking at cyber incidents in the second half of 2022, the amount of ransomware worldwide has increased by 16 percent compared to the first half of last year.
Out of a total of 99 observed ransomware families, the top five families accounted for approximately 37 percent of all ransomware activity during the second half of 2022.
GandCrab, a ransomware-as-a-service malware that emerged in 2018, topped the list. Although the criminals behind Gandcrab announced they were retiring after making over $2 billion in profits, reports state that there were several iterations of Gandcrab during its active time. “It is possible that the long-tail legacy of this criminal group still persists, or that the code has simply been made up, changed and re-released.”
In a report from IBM, which was released today, The researchers said that looking at the incidence of calls to the company for help in 2022, ransomware incidents decreased last year compared to 2021. However, deploying ransomware was the second most common action taken when a malicious actor was able to circumvent security controls. Installing the backdoor was number one. Backdoors lead to the distribution of malware, including ransomware, to advance everything from credential theft through data theft and data destruction.
Worryingly, IBM said the average time to deploy for ransomware attacks was expected to decrease by four percent in 2022 compared to last year. To put that in perspective, it took attackers more than two months in 2019 to just under four days in 2021.