According to the forum post, the archive contains internal business records and classified documentation relating to Door Controls USA, including production blueprints, machine-readable production code, financial and accounting records, and numerous legal documents. The archive was leaked on November 27-28. It appears to have been shared on the hacker website after Door Controls USA apparently declined to pay a ransom to the cybercriminals who breached the company’s network.
What data has been leaked?
The leaked data appears to come from Door Controls USA, a distributor and manufacturer of commercial automatic and manual door components based in Ben Wheeler, Texas. Established in 1995, the firm claims to provide “the widest range of products” in the automatic door industry, including door locks, bolts, controls, and more. Based on the samples we saw from the leak, the archive appears to contain more than 140 GB of sensitive company information, split across two directories. One folder appears to contain financial and accounting information about the company, while the other is devoted to confidential details on research and growth, including:
- Confidential plans, sketches, and blueprints of goods
- Machine-readable G-code instructions for the development of a range of patented mechanisms for door control
- Layouts of company campuses and their evacuation plans
- Contracts
- Financial and audit data
- Credit card statements
[Image: example of leaked manufacturing code]
Who had access to the data?
Since the archive was made accessible free of charge in the final week of November, we believe that a large portion of the hacker community has since been able to download and view the content. With that said, it is unclear how many members of the forum have already accessed the entire 140 GB cache, and how many are able or willing to use sensitive information for malicious purposes.
What’s the impact of the leak?
Most of the material in the archive appears to be organisational rather than personal in nature, which suggests that it is the organisation and its workers who are most likely to bear the brunt of the damage. Malicious hackers could make a lot of money by selling sensitive company data to rivals for industrial espionage and strategic intelligence purposes. For example, the sale of manufacturing blueprints, machine-readable G-code manuals, or other intellectual property to rivals of Door Controls USA could damage the business by taking away its competitive advantage. On the other hand, obtaining the financial and accounting records of the organisation, including credit card reports, will enable criminals to commit fraud in the name of Door Controls USA, such as applying for coronavirus relief loans during the pandemic.
Next steps
Here are a few simple measures for companies that want to deter ransomware attacks:
- Implement a smart vulnerability monitoring system or a security event management system that can alert system managers to a breach and help them stop data exfiltration from company servers in time.
- Encrypt sensitive information using a strong, salted encryption algorithm. In the event of data loss, encrypted data would be all but worthless to any possible perpetrators, since it would be unreadable without the encryption key.