UK security firm: A Hong Kong company hit by REvil ransomware

Fimmick, a Hong Kong-based marketing company serving several high-profile clients including McDonald’s, Coca-Cola, Shell, Asus, and others, was hit by a ransomware attack.

Hong Kong-based marketing firm Fimmick has been hit by a ransomware attack, according to British cybersecurity firm X Cyber Group.

Fimmick has offices in Hong Kong and the Mainland, serving McDonald’s, Coca-Cola, Shell, Asus and many other high-profile clients.

Their website is currently down and there was no response to ZDNet’s request for comment. Matt Lane, chief executive of X Cyber Group, said his team regularly “scrutinizes the activities of cybercriminals for evidence of their behavior” to protect customers and patrons.

On Tuesday, they discovered that REvil had hacked into Fimmick’s database and claimed to have data on some global brands. Lane shared a screenshot of a post showing REvil making threats against Fimmick, including information stolen from the company’s website.

“We found this intelligence to be part of these routine activities. We note with interest that the attacker’s blog also appears to be temporarily unavailable, but there is no further information on why this is the case,” Lane said, adding that the criminal group also shared the directory structure of the stolen data.

“You can see Coca-Cola, Cetaphil, Hana-Musubi and Kate Spade all listed.”

Marketing firms more vulnerable to cyberattacks

Over the past few years, ransomware gangs have repeatedly targeted marketing companies because of their ties to larger companies with more valuable data.

For ransomware operators, the most attractive targets are those who can lead to more targets, said John Hammond, senior security researcher at Huntress.

Hammond said: “Just as cybercriminals prefer the brute force approach, always picking the easiest target and the low-hanging fruit, ransomware gangs prefer a one-to-many approach, which requires less effort to bring greater results.”

“Marketing firms, PR firms, and organizations that are closely aligned with other businesses can have vast amounts of data and information, making it easier to target the next victim. Just like a service provider, attacking an organization can have a domino effect in which other collaborators of the original victim are targeted. Attacking a marketing or PR firm can make the ransomware gang more profitable.”

At least three marketing firms were hit by ransomware last year, said Allan Liska, a ransomware expert at threat intelligence firm Recorded Future.

Wieden+Kennedy was attacked in November 2020, but was forced to notify Oregon Department of Justice officials in April after employees’ personal information was exposed in the incident. MBA Group was attacked in March this year, and Empirical Research Partners was attacked in September.

“I don’t know if they are particularly mature compared to other industries, but I can see that marketing companies are more vulnerable to attacks, especially phishing attacks, because they are used to dealing with a different customer base and may receive a lot of emails with attachments, which are the favorite initial access vector for many ransomware groups,” Liska said.

“The actual number of marketing companies being attacked may be much higher, but unlike hospitals or schools, when a marketing company is attacked by ransomware, it doesn’t make the news.”
