Toy manufacturer Jakks Pacific struck by ransomware

January 2, 2023

Jakks Pacific, a US-based toy manufacturer, confirmed that it suffered a ransomware attack in a notice the company released on December 22. The toy manufacturer also reported that two separate ransomware gangs had attacked it and posted stolen data to their leak site.

According to the released statement, several types of company data had been stolen from Jakks Pacific, including individuals’ full names, email addresses, tax identification numbers, and banking details. The firm had teamed up with cybersecurity experts and relevant authorities to help with investigations.

Although some data was extracted from the toy manufacturer, the company believes the incident will not harm its business.

In a letter to the US Securities and Exchange Commission (SEC), the toy manufacturer said it learned about the security breach on December 14 and immediately launched its incident protocols.

The firm explained that, as it is at the preliminary stages of the investigation, it believes the incident did not adversely impact its business operations and financial results. However, security experts contradict this assertion, since two different prolific ransomware groups, Hive and BlackCat, claimed to have attacked the company, and such attacks usually leave victims with a negative aftermath.

Investigations show that the Hive gang first posted stolen data from Jakks Pacific on its leak site on December 19, followed by the BlackCat gang on December 28. A Hive group representative told security researchers that the two gangs accessed the firm’s networks through an initial access broker and agreed to share a $5 million ransom.

Nonetheless, Jakks Pacific declined to cooperate with them, which could force the two ransomware groups to leak the stolen data or sell it to other threat actors.

Security experts also underline the involvement of initial access brokers (IABs) and wholesale access markets, which are becoming widespread in the ransomware landscape. Hive and BlackCat revealed that they did not break into the victimised firm’s systems themselves but bought access from initial access brokers.

Organisations can safeguard their infrastructure against IABs and ransomware groups by keeping systems updated with the latest security patches, training employees about cybercrime threats, activating web filters against malicious websites, and using VPN gateways that support multi-factor authentication (MFA).
