Search the Community

MathWorks, a leading developer of mathematical computing and simulation software, has revealed that a recent ransomware attack is behind an ongoing service outage. Headquartered in Natick, Massachusetts, and founded in 1984, MathWorks now has over 6,500 employees in 34 offices worldwide. MathWorks develops the MATLAB numeric computing platform and the Simulink simulation, which are used by over 100,000 organizations and over 5 million customers. "MathWorks experienced a ransomware attack. We have notified federal law enforcement of this matter. The attack affected our IT systems," the company disclosed in an incident report published on its official status page. "Some of our online applications used by customers became unavailable, and certain internal systems used by staff became unavailable, beginning on Sunday, May 18." While ongoing outages resulting from this incident still affect many of its online services, including the cloud center, file exchange, license center, and MathWorks store, the company has since brought some back online. For instance, after multiple days of signing issues preventing users from accessing their accounts, MathWorks restored multi-factor authentication (MFA) and account SSO (Single Sign On) on May 21st. Despite this, since Friday, some customers have continued experiencing issues preventing them from creating new accounts, while others who haven't signed in since 11 October 2024 haven't been able to log in at all. MathWorks has yet to reveal additional information regarding this incident, including the name of the ransomware operation behind the attack and whether any customer data was stolen during the breach. Even though the company tagged this incident as a ransomware attack, no ransomware gang has claimed the breach, suggesting that MathWorks has either paid the ransom demanded by the attackers or is still negotiating. A MathWorks spokesperson was not immediately available for comment when contacted by BleepingComputer. Source Hope you enjoyed this news post. Thank you for appreciating my time and effort posting news every day for many years. News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of April): 1,811 RIP Matrix | Farewell my friend

Audio maker Bose discloses data breach after ransomware attack Bose Corporation (Bose) has disclosed a data breach following a ransomware attack that hit the company's systems in early March. In a breach notification letter filed with New Hampshire's Office of the Attorney General, Bose said that it "experienced a sophisticated cyber-incident that resulted in the deployment of malware/ransomware across" its "environment." "Bose first detected the malware/ransomware on Bose's U.S. systems on March 7, 2021," the company added. The audio maker hired external security experts to restore impacted systems after the attack and forensic experts to determine if any of its data was accessed or exfiltrated by the attackers. "We did not make any ransom payment," Bose Media Relations Director Joanne Berthiaume told BleepingComputer. "We recovered and secured our systems quickly with the support of third-party cybersecurity experts." "During our investigation, we identified a very small number of individuals whose data was impacted, and we sent notices to them directly in accordance with our legal requirements. "There is no ongoing disruption to our business, and we are focused on providing our customers with the great products and experiences they have come to expect from Bose." Employees' data accessed during the attack While investigating the ransomware's attack impact on its network, the audio maker discovered that some of its current and former employees' personal information was accessed by the attackers. "Based on our investigation and forensic analysis, Bose determined, on April 29, 2021, that the perpetrator of the cyber-attack potentially accessed a small number of internal spreadsheets with administrative information maintained by our Human Resources department," Bose said. "These files contained certain information pertaining to employees and former employees of Bose." Employe personal information exposed in the ransomware attack includes names, Social Security Numbers, compensation information, and other HR-related information. While Bose did not find confirmation of the threat actors' behind the incident exfiltrating data out of its network, the company says the attackers were able to interact with "a limited set of folders." No evidence of leaked stolen data on the dark web "Bose has engaged experts to monitor the dark web for any indications of leaked data, and has been working with the U.S. Federal Bureau of Investigation," the audio maker said. "Bose has not received any indication through its monitoring activities or from impacted employees that the data discussed herein has been unlawfully disseminated, sold, or otherwise disclosed." After the ransomware attack, Bose took the following measures to defend against future attacks: Enhanced malware/ransomware protection on endpoints and servers to further enhance our protection against future malware/ransomware attacks. Performed detailed forensics analysis on impacted server to analyze the impact of the malware/ransomware. Blocked the malicious files used during the attack on endpoints to prevent further spread of the malware or data exfiltration attempt. Enhanced monitoring and logging to identify any future actions by the threat actor or similar types of attacks. Blocked newly identified malicious sites and IPs linked to this threat actor on external firewalls to prevent potential exfiltration. Changed passwords for all end-users and privileged users. Changed access keys for all service accounts. The company also sent breach notification letters to all individuals impacted by the ransomware incident on May 19. Depending on the ransomware gang behind this attack, the incident could also lead to a data leak if employees' info was also exfiltrated from Bose's systems. Right now, more than 20 ransomware gangs are known for stealing data from victims' servers before encrypting their systems. Bose is a privately-held consumer electronics company that manufactures audio equipment for entertainment and the aviation and automotive industries. Update: Added Bose's official statement. Source: Audio maker Bose discloses data breach after ransomware attack

CNA Financial reportedly paid $40 million to resolve a ransomware attack It could be one of the biggest ransom payouts to date. A US insurance company may have paid one of the most expensive malware ransoms to date. According to Bloomberg, CNA Financial shelled out $40 million in late March to regain control of its network following a two-week lockout. To put that payout in perspective, the CEO of the Colonial Pipeline told The Wall Street Journal this week his company paid $4.4 million to hackers. That's a ransomware attack that led to fuel shortages across the US. "CNA is not commenting on the ransom," a spokesperson for the company told Bloomberg. "CNA followed all laws, regulations and published guidance, including OFAC's 2020 ransomware guidance, in its handling of this matter." The company fell victim to Phoenix Locker, an offshoot of the Hades ransomware created by infamous Russian cybercrime operation Evil Corp. Some security researchers believe Evil Corp is also behind WastedLocker, the malware linked to last year's Garmin ransomware attack. In 2019, the US Treasury Department sanctioned the group for its activities. It's unclear if Phoenix, the group behind the CNA attack, is affiliated with Evil Corp. Ransomware attacks have become increasingly common and disruptive in recent years. In April and March, the REvil ransomware gang demanded $50 million from Apple supplier Quanta and Acer. Even Cyberpunk 2077 developer CD Projekt Red had to deal with a lockout, which led to a delay in the game's second major patch coming out. Source: CNA Financial reportedly paid $40 million to resolve a ransomware attack