Date: 2023-04-28

CommScope was hit by a ransomware attack in late March and the hackers are claiming to have posted data taken from the company online.

Earlier this week, the Hickory-based fiber optic cable manufacturer said they were looking into these claims while also emphasizing they had seen no indication that client information has been compromised.

Brett Callow, a Canada-based threat analyst with the firm Emsisoft, confirmed the hacker group Vice Society has posted a link to information purportedly taken from CommScope on the dark web, the part of the internet which is inaccessible by search engines and is often used by cybercriminals.

What exactly that data is, Callow can’t say.

“I don’t access the data in these cases,” Callow said. “I have no reason to further invade people’s privacy.”

Online newspaper TechCrunch has reported the information includes employee information such as Social Security numbers and bank information.

Callow said he does not know who is behind the Vice Society hacking group, but said the group appears to have formed in 2021 and has targeted institutions such as schools, though it now seems to have moved on to larger organizations.

Callow also discussed how these attacks typically play out. Generally, he said, the hackers will infiltrate an organization’s system, copy data and then lock the organization’s system until the organization makes good on the ransom.

“The ransom they demand then covers two parts: providing a key to unlock the computers and a pinkie promise that the stolen data will be destroyed,” Callow said.

While it is possible attackers may release the data even if a ransom is paid, Callow said the fact that data from CommScope has apparently been leaked online strongly suggests the company did not pay a ransom.

If so, that’s the right call, he said. While some organizations may have difficulty regaining access to their systems following an attack, Callow said the best route is to avoid meeting the hackers’ demands if at all possible.

The attack was discovered shortly before the company publicly announced an expansion that would include the creation of 250 jobs and introduction of a new fiber optic cable intended to expand broadband access to rural areas.

Gov. Roy Cooper and U.S. Commerce Secretary Gina Raimondo visited a CommScope manufacturing plant for the announcement.

Callow believes the timing may not be coincidental.

“It has been established that it’s not unusual for groups to delay encrypting the files until what they consider an advantageous time — shortly before a merger for example,” Callow said. “Also, shortly before a company is due to make a big press announcement or get a visit from whomever it was that visited.”

When it comes to ransomware attacks, Callow said there is no typical target.

“I saw a day care listed this morning. So, it’s everyone,” he said.

He said there is no easy answer for how to guard against these attacks, but he did recommend ensuring basic security procedures are in place, particularly things like requiring multifactor verification for accessing systems.

For organizations that have been attacked, he said it’s best to seek expertise.

“Really, the best advice for any organizations that find themselves in this position is to get help from a company that specializes in responding to these incidents,” Callow said.