Ironically, cybersecurity companies are the organizations most exposed to hacking incidents. Such is the case with Cygilant, a firm dedicated to detecting cybersecurity threats that has fallen victim to a ransomware infection. Through an official statement, CFO Christina Lattuca acknowledged that the firm was aware of a recent encryption malware infection affecting some of the company's systems.
In the statement, the company mentions:
"Our Cyber Defense and Response Center has already taken the appropriate steps to stop the infection. We are working together with external specialists and relevant authorities to determine the impact of this attack."

Nothing is yet known about those responsible for the attack or the ransomware variant used, though some members of the cybersecurity community attribute the incident to NetWalker, a ransomware-as-a-service group that makes its tools and capabilities available to anyone willing to pay the price.
It has become common practice for threat actors not to limit themselves to encrypting compromised information, as they now also steal data and publish it on hacking forums, which is exactly what company executives feared might be the case. Cygilant's fears were confirmed shortly after, when screenshots of files and directories from the company's internal network were published on a dark web site. At the time of publication the data had been removed from that forum, though it remains unknown whether the company paid the ransom.
Brett Callow, from security firm Emsisoft, states that these hacker groups typically remove exposed information after companies pay the ransom, though other scenarios exist: "Sometimes criminals temporarily remove this information to negotiate a ransom, so it is not yet possible to confirm whether Cygilant has already made any payment."
