
RansomHouse Ransomware Breach Hits Askul: 740,000 Customer Records Stolen, Operations Disrupted for Months

Tappy Admin
December 19, 2025

Japanese online shopping firm Askul Corporation has confirmed that RansomHouse hackers stole about 740,000 customer records in the ransomware attack it suffered in October.

 

Askul is a large business-to-business and business-to-consumer office supplies and logistics e-commerce corporation that is owned by Yahoo! Japan Corporation.

The attack led to an IT system failure in October, which resulted in the suspension of shipments to customers, including the retail giant Muji.

The investigations into the incident's scope and impact have now been concluded, and Askul says that the following types of data have been compromised:

🔹Business customer service data: approx. 590,000 records
🔹Individual customer service data: approx. 132,000 records
🔹Business partners (outsourcers, agents, suppliers): approx. 15,000 records
🔹Executives and employees (including group companies): approx. 2,700 records


Askul says it is keeping the precise details under wraps because the data could be misused, and that customers have been informed.

In addition, the company has notified the country's Personal Information Protection Commission of the data breach and set up a monitoring system to protect against misuse of the stolen data.

However, as of December 15, order delivery is still being affected, and the company is still working to get its systems up and running.


RansomHouse attack details


The attack on Askul has been attributed to the extortion group RansomHouse. The hackers first revealed the attack on October 30 and then published two data dumps, on November 10 and December 2.

Askul has revealed some information about how the threat actors broke into its systems, estimating that they used compromised authentication credentials for an outsourcing partner's administrator account that lacked multi-factor authentication (MFA) protections.

"After successfully carrying out the initial intrusion, the attacker started reconnaissance on the network with the intent of gathering authentication data that would give them entry into various servers," reads the translation from Askul's report.

"The attacker further disables vulnerability countermeasure software like EDR solutions, switches between different servers, and attains the required privileges," stated the company.

Several variants of the ransomware were reportedly used in the attack, some of which were able to evade the EDR signatures that were current at the time.


The group is known for data theft as well as file encryption. According to Askul, the ransomware "resulted in data encryption and system failure."

According to Askul, the ransomware payload was distributed to numerous servers at once, and backup files were deleted to make recovery difficult.
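As an added illustration (not part of the original article or Askul's report), the following Python correlates the stages described above over constructed events: an administrator login without MFA, EDR being stopped, and backups deleted shortly afterwards on several servers at once. The event types, field names, host names and time windows are all assumptions chosen for the example.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry: event types and field names are assumptions,
# not a real EDR/SIEM schema and not data from Askul's report.
EVENTS = [
    {"ts": "2025-01-01T02:10:00", "host": "vpn-01", "type": "admin_login",
     "account": "partner-admin", "mfa": False},
    {"ts": "2025-01-01T02:12:00", "host": "vpn-01", "type": "admin_login",
     "account": "it-admin", "mfa": True},
    {"ts": "2025-01-01T03:00:00", "host": "srv-a", "type": "edr_stopped"},
    {"ts": "2025-01-01T03:20:00", "host": "srv-a", "type": "backup_deleted"},
    {"ts": "2025-01-01T03:05:00", "host": "srv-b", "type": "edr_stopped"},
    {"ts": "2025-01-01T03:25:00", "host": "srv-b", "type": "backup_deleted"},
    # Benign look-alikes: routine backup rotation, and an EDR restart.
    {"ts": "2025-01-01T09:00:00", "host": "srv-c", "type": "backup_deleted"},
    {"ts": "2025-01-01T01:00:00", "host": "srv-d", "type": "edr_stopped"},
]

def _ts(event):
    return datetime.fromisoformat(event["ts"])

def admin_logins_without_mfa(events):
    """Admin accounts that authenticated without MFA (the initial-access gap)."""
    return sorted({e["account"] for e in events
                   if e["type"] == "admin_login" and not e["mfa"]})

def edr_stop_then_backup_delete(events, window=timedelta(hours=1)):
    """Map host -> deletion time where backups vanished soon after EDR stopped."""
    last_stop, hits = {}, {}
    for e in sorted(events, key=_ts):
        if e["type"] == "edr_stopped":
            last_stop[e["host"]] = _ts(e)
        elif e["type"] == "backup_deleted":
            stopped = last_stop.get(e["host"])
            if stopped is not None and _ts(e) - stopped <= window:
                hits[e["host"]] = _ts(e)
    return hits

def simultaneous_hosts(hits, spread=timedelta(minutes=30), min_hosts=2):
    """Largest set of flagged hosts hit within `spread` of each other."""
    times = sorted(hits.items(), key=lambda kv: kv[1])
    best = []
    for i, (_, start) in enumerate(times):
        group = [h for h, t in times[i:] if t - start <= spread]
        if len(group) > len(best):
            best = group
    return sorted(best) if len(best) >= min_hosts else []

if __name__ == "__main__":
    print(admin_logins_without_mfa(EVENTS), simultaneous_hosts(edr_stop_then_backup_delete(EVENTS)))
```

Neither signal is conclusive alone (srv-c and srv-d in the sample are benign); the pairing on the same host, repeated across hosts in a short span, is what separates the pattern from routine maintenance.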

As a countermeasure, the company took steps that included physically segmenting the affected networks, blocking communication between data centers and logistics centers, isolating affected devices, and updating EDR signatures.

In addition, MFA was implemented on all critical systems, and all administrative account passwords were changed.

The cost of the attack has not yet been determined. Askul has decided to postpone its earnings statement to give the company more time to make a financial assessment.