Diebold Nixdorf’s corporate network hit by ransomware attack
Diebold Nixdorf has been hit by a ransomware attack that disrupted some of its operations.
The ATM and payments software provider said in a statement that the attack, which has now been dealt with, broke into its corporate operations and that its customer networks were unaffected.
Diebold Nixdorf is the largest ATM provider in the US and has more than a third of the market worldwide.
Security researcher Brian Krebs, who broke the news, reports that the attackers used the ProLock ransomware, a successor of the PwndLocker kit.
ProLock works by appending its own executable file to the end of all the files it encrypts, sometimes adding it multiple times to increase the layers of obfuscation.
Victims can get their files back by paying a ransom; instructions on how to pay are provided on a Tor website, which is linked from a text file the attackers leave behind.
The infection was discovered in late April, and Diebold Nixdorf states that it did not pay the ransom demanded by the attackers.
In early April the average price asked for by attackers was around 60 BTC, or $570,000.
As a rule, programs like ProLock are designed to encrypt files and keep them inaccessible unless victims decrypt them with tools that can be purchased from their developers.
In many cases, however, once the ransom has been paid the developers disappear and do not provide the promised solution, leaving their victims out of pocket and locked out of their data.
“Diebold has determined that the spread of the malware has been contained,” Diebold said in a written statement to Krebs’s online blog KrebsOnSecurity.
“Our leadership has connected personally with customers to make them aware of the situation and how we addressed it.”