[German]The ATM manufacturer Diebold Nixdorf has already fallen victim to a cyber attack with ransomware on April 25, 2020. This was reported by various media.
The Diebold Nixdorf Holding Germany Inc. & Co. KGaA (formerly Wincor Nixdorf) with headquarters in Paderborn is a provider of IT solutions and services for retail banks. The company has been majority-owned by the US Diebold Nixdorf Group since 2016. The group employs 35,000 people. In Germany, Diebold Nixdorf is primarily known as a manufacturer of ATMs for banks and possibly as a provider of POS systems.
Now the company has probably fallen victim to a ransomware cyber attack. Blog-reader 1ST1 has pointed out the issue in this comment (thanks for that). Both Security Week and KrebsOnSecurity have published corresponding articles.
ATM manufacturer Diebold Nixdorf confirmed on Monday, according to Security Week’s report, that it was recently confronted with a ransom demand because IT was affected by ransomware. According to the company, the incident had caused only “a limited IT system failure”. “Once we discovered the problem, we were able to quickly restore service to the main affected systems. We also immediately engaged a leading cyber security company and notified law enforcement,” the company told Security Week in an email.
Diebold Nixdorf told SecurityWeek that the incident had no impact on ATMs, customer networks or the general public and “its impact on the company’s business is not significant.
Brian Krebs reported here, that on Saturday night, April 25, 2020, the Diebold Company security team discovered anomalous behavior in its corporate network. Diebold suspected a ransomware attack and, according to the company, immediately began disconnecting systems on that network to contain the spread of malware.
Sources reported KrebsOnSecurity that Diebold’s response affected services to over 100 of the company’s customers. According to Diebold, a system that automates requests from field technicians was affected. However, neither customer networks nor the general public were affected. In a statement to KrebsOnSecurity
Diebold detected that the spread of malware had been interupted. The incident had no impact on ATMs, customer networks or the general public, and its impact was not material to our business. Unfortunately, cybercrime is a constant challenge for all businesses. Diebold Nixdorf takes the security of our systems and customer service very seriously. Our management has personally contacted customers to sensitize them to the situation and show them how we have addressed it.
According to Krebs, an analysis revealed that the attackers had installed the Ransomware ProLock. According to experts, this is a relatively unusual malware that has gone through several names and iterations in recent months. According to Brian Krebs, Diebold claims not to have paid a ransom. Details can be read in the article at KrebsOnSecurity.