UPDATED 22:02 EST / MAY 11 2020

SECURITY

ATM maker Diebold Nixdorf hit by ProLock ransomware attack

Automatic teller machine maker and payment technology company Diebold Nixdorf Inc. has suffered a ransomware attack that disrupted some operations.

First reported today by security researcher Brian Krebs, the ransomware attack struck the company April 25 and affected services for more than 100 of the company’s customers. Diebold Nixdorf is the largest ATM provider in the United States and holds an estimated 35% of the global cash machine market.

The company said the attack did not affect its ATMs, customer networks or the general public but did disrupt a system that automates field service technician requests.

An investigation into the attack found that those behind it had deployed ProLock ransomware, a form of ransomware previously known as PwndLocker until it rebranded itself in March after fixing a bug that allowed a free decryptor to be created. The ransomware encrypts files on a victim’s machine while adding .proLock to the file name.

Those infected are then asked to pay a ransom for a decryption key. The ransomware is distributed via malicious BMP files. The distribution path for the ransomware is not known.

Diebold Nixdorf said it did not pay the ransom but declined to discuss the amount requested. Previous ProLock and PwndLocker ransomware attacks have typically involved demands for payment in the six-figure range.

“This serves as a lesson that ransomware can impact organizations regardless of their size and technical stature,” Erich Kron, security awareness advocate at security awareness training company KnowBe4 Inc., told SiliconANGLE. “In this case, Diebold was fortunate enough to have segmented their network, limiting the damage to the corporate network and sparing the other critical network systems and impact to customers.”

Kron added that ransomware hasn’t taken a break during the pandemic. “For this reason, organizations need to ensure they are prepared for attacks such as this by training users to spot and report phishing attacks, the most common way ransomware spreads and be ready with good endpoint protection and backups to help in the event the attack is successful,” he advised.
