SECURITY
SECURITY
SECURITY
ATM maker Diebold Nixdorf hit by ProLock ransomware attack
Automatic teller machine maker and payment technology company Diebold Nixdorf Inc. has suffered a ransomware attack that disrupted some operations.
First reported today by security researcher Brian Krebs, the ransomware attack struck the company April 25 and affected services for more than 100 of the company’s customers. Diebold Nixdorf is the largest ATM provider in the United States and holds an estimated 35% of the global cash machine market.
The company said the attack did not affect its ATMs, customer networks or the general public but did disrupt a system that automates field service technician requests.
An investigation into the attack found that those behind it had deployed ProLock ransomware, a form of ransomware previously known as PwndLocker until it rebranded itself in March after fixing a bug that allowed a free decryptor to be created. The ransomware encrypts files on a victim’s machine while adding .proLock to the file name.
Those infected are then asked to pay a ransom for a decryption key. The ransomware is distributed via malicious BMP files. The distribution path for the ransomware is not known.
Diebold Nixdorf said it did not pay the ransom but declined to discuss the amount requested. Previous ProLock and PwndLocker ransomware attacks have typically involved demands for payment in the six-figure range.
“This serves as a lesson that ransomware can impact organizations regardless of their size and technical stature,” Erich Kron, security awareness advocate at security awareness training company KnowBe4 Inc., told SiliconANGLE. “In this case, Diebold was fortunate enough to have segmented their network, limiting the damage to the corporate network and sparing the other critical network systems and impact to customers.”
Kron added that ransomware hasn’t taken a break during the pandemic. “For this reason, organizations need to ensure they are prepared for attacks such as this by training users to spot and report phishing attacks, the most common way ransomware spreads and be ready with good endpoint protection and backups to help in the event the attack is successful,” he advised.
Image: Diebold Nixdorf
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
