KrebsonSecurity Reported That TTEC Hit With Ransomware Attack

KrebsonSecurity reported that TTEC hit with ransomware attack teams servicing Bank of America, Verizon and others were unable to work

TTEC, a customer experience technology company based in the United States, has disclosed a “cybersecurity problem,” but employees have confirmed that it was affected by ransomware.

According to KrebsonSecurity, the corporation, which has roughly 61,000 employees and billions in annual revenue, issued a message to staff this week advising them not to click on a URL marked “!RA!G!N!A!R!” The statement suggests that the attack was carried either by the well-known Ragnar Locker ransomware organisation, or someone attempting to spoof them.

TTEC informed employees that the company was experiencing system disruptions and that it was working to remove the malicious “!RA!G!N!A!R!” file from its network.

TTEC corporate communications vice president Tim Blair would not confirm that the incident was caused by ransomware, but he did say that part of the company’s data was encrypted and that “business activities at various facilities have been momentarily impacted” in a statement to ZDNet.

“TTEC immediately activated its information security incident response business continuity protocols, isolated the systems involved, and took other appropriate measures to contain the incident,” Blair said.

“We are now in the process of carefully and deliberately restoring the systems that have been involved. We also launched an investigation, typical under the circumstances, to determine the potential impacts. In serving our clients TTEC generally does not maintain our clients’ data, and the investigation to date has not identified compromise to clients’ data. That investigation is on-going and we will take additional action, as appropriate, based on the investigation’s results.”

Verizon, Best Buy, Dish Network, Bank of America, and Kaiser Permanente are just a few of the firms that TTEC works with.

A reader provided the internal message to KrebsonSecurity, who stated that the “widespread” system outage began on Sunday, September 12. Thousands of TTEC personnel working on accounts for Verizon, Kaiser Permanente, and Bank of America were unable to perform any duties as a result of the attack, according to the source, while many other customer care teams reported being unable to operate.

According to KnowBe4 security advocate James McQuiggan, ransomware groups often target enterprises with huge client bases that rely on services or a product, knowing that it will disrupt business and have a trickle-down effect on all customers.

“Ransomware attacks have been known to hinder the business and steal intellectual property, client information and employee information. The cyber criminals then use this information to extort the employees or customers for additional money or be in fear of their data being released publicly,” McQuiggan said.

The Ragnar Locker ransomware group has recently made headlines for their remarks against victims who call law enforcement or expert negotiators.

If victims ventured to call cybersecurity companies or law authorities, the gang warned on their darknet leaksite, it would destroy decryption keys and reveal all sensitive data stolen.

“So from this moment we warn all our clients, if you will hire any recovery company for negotiations or if you will send requests to the police/FBI/investigators, we will consider this as a hostile intent and we will initiate the publication of whole compromised data immediately,” the group said, according to a note seen by BleepingComputer.

The gang has previously targeted large corporations in China, including Capcom, Campari, EDP, CD Projekt Red, and a number of shipping titans.