A new malware is wreaking havoc, attacking a Sri Lankan lingerie maker and an Australian shipping giant. Known as Nefilim, the ransomware attacked MAS Holdings, the company that manufactures lingerie for Beyoncé, Victoria’s Secret and more.
The cybercriminals attacked MAS Holdings on May 5, claiming to have stolen over 300 GB of data from the Sri Lankan company. They then published some of the stolen files online and demanded a ransom, threatening to publish the rest of the data if their demands were not met.
Some of the documents they published include audit documents featuring the employees’ payroll summaries, Sky News reports. MAS Holdings has refused to shed light on the data breach, stating, “MAS is constantly reviewing its security posture and threat actors do attempt to penetrate our network at times. We also adopt best practices in line with industry standards in managing such threats.”
MAS Holdings is the manufacturer of lingerie for top brands including singer Beyoncé’s Ivy Park and Victoria’s Secret.
Nefilim has also targeted Australian shipping giant Toll Group. Just as with MAS Holdings, the criminals demanded payment from the company, threatening to publish the stolen data if demands are not met. Toll Group has, however, stood its ground and made it clear that it will not be extorted.
“Toll has no intention of engaging with any ransom demands, and there is no evidence at this stage to suggest that any data has been extracted from our network. We are in regular contact with the Australian Cyber Security Centre (ACSC) on the progress of the incident,” the company stated, as reported by local outlet ITNews.
The shipping company, owned by Japan Post, has had to shut down some of its customer-facing systems. This attack couldn’t have come at a worse time, given the rapid surge in importance of courier shipping amid the COVID-19 pandemic. The company has had to turn to manual processes to keep up with its clients’ needs.
“We have been in contact from the outset with various customers impacted by the issue and we continue to work with them to minimize any disruption,” the company told the outlet.
According to security researchers, ransomware that steals data and threatens to publish it online to extort payment has been on the rise recently.
Brett Callow, a senior security expert at cyber security company Emsisoft, told Sky News, “The stolen data is increasingly being weaponized in these cases with groups threatening to sell it on the dark web or to competitors, or to use it for identity theft, or to spear phish customers and business partners.”
According to Callow, a company in this type of situation has no good options available to it. Even if it ends up paying the ransom, the data could still be weaponized and used in spear phishing campaigns. “Speedy disclosure is absolutely critical in these cases given the risk they present to both individuals and other companies,” he stated.