UK shipping giant Clarksons has been hit by hackers who were successful in stealing sensitive and confidential data which may soon be leaked due to Clarksons refusal to pay the ransom demanded by the hackers.
According to Clarksons, the hackers managed to infiltrate their system by compromising a “single and isolated user account” which has since been disabled. Clarksons is now in the process of contacting all possibly affected clients and is working with law enforcement to try and crack down on the hackers to make sure the data that was stolen is not leaked as it would be a huge security breach.
Lawyers are on standby by command of Clarksons to do whatever it takes to stop the information from getting out and they will take any necessary steps needed to make that happen.
CEO Andi Case said “I hope our clients realise that we would not be held to ransom by criminals, and I would like to sincerely apologise for any concern this incident may have understandably raised.”
Clarksons is the latest company in a string of businesses to have been hacked, after Uber, Equifax, Yahoo and Deloitte. Although it is clear that Clarksons was hacked it is unclear exactly when they were hacked and when the firm discovered the breach.
Mark James, security specialist at ESET commented in an email to SC Media UK on the issue saying: "With little information it's hard to speculate how, or indeed what, happened - but this is a clear example of the need to periodically check not only the need for user accounts not currently being used, but more importantly their authority”.
“The information given so far is that “hackers had managed to access the company's computer systems by compromising a "single and isolated user account," which has since been disabled” - which would suggest this account did indeed have elevated privileges. It would then appear a ransom demand was sent to pay up, or suffer the consequences of releasing the stolen data - it seems Clarkson's have made the right choice here. Paying the bad guys may have done no more than labelled them as “willing to pay” for possible targeted attacks, and of course, does not guarantee the safety or nondisclosure of the files”.
“Coming clean in a timely manner and working with authorities to mitigate the damages is always the best course of action - data breaches sadly are a consequence of our digital existence and the means of which we deal with them can make a huge difference to public perception and limit the aftermath”.
Andy Norton, director of threat intelligence at Lastline adds in an email: "It's a positive move by Clarksons, firstly not to cover up the ransom request, and secondly not to pay the ransom request. They describe the breach as a single and isolated user account that had unauthorised access to internal systems. This profile of attack is often the result of a key logger being sent via a malicious email to an employee of the company who then opens the email and gets infected. This type of attack is a preferred method by West African hackers. It will be interesting to see how Clarksons disclose the nature of the attack in due course."