Further Car-Part.com investigation into a ransomware attack on a recycler revealed the extortion software was not delivered by a party pretending to be affiliated with the company but rather came in an email using a different disguise.
Initial reports received by Car-Part.com as to the vector and disguise of the cyberextortion effort were incorrect or unclear, company co-founder and Vice President Roger Schroder wrote in an email late Friday.
But the company thought it would be prudent to warn the industry immediately and continue to investigate rather than take the risk of the virus spreading while it looked into the matter. It also has contacted the FBI about the matter.
“After we investigated further, It was not someone posing as a Car-Part.com employee and they did not call to gain access,” Schroder wrote Friday. “The facts were distorted when they got to me on Wednesday and preferring to be safe rather than sorry, we (provided) the warning hoping it would slow down any new people … getting the virus if there was a new way hackers were trying to gain access. We would have hated to not send any warning out then find out hackers were gaining access to more systems via a new disguise.”
Car-Part.com, the Automotive Recyclers Association and the United Recyclers Group all warned collision repairers earlier in the week about the attack.
The crime saw a recycler suffering the encryption of its website images and the extortionist or extortionists demanding payment to restore the data.
A note requested bitcoin, a virtual currency; 1 bitcoin was worth about $409.38 early Saturday afternoon, according to CoinDesk.
Schroder on Friday also provided a copy of a recent newsletter update to customers.
As noted in our message earlier this week, Car-Part.com received a report that someone contacted a recycler in order to gain access to the recycler’s inventory management system, encrypted the recycler’s part images, and demanded a ransom in order to remove the encryption. After investigating the reported incident in more detail, it is now clear that the information we originally received regarding this report was inaccurate. The affected recycler was infected with a ransomware virus via an email. The email in question did not claim to be from Car-Part, and is an example of a ransomware virus. We strongly recommend that recyclers have current anti-virus software installed on all of your computers. As originally reported, it appeared to be an example of a social engineering attack. We strongly recommend that you do not provide sensitive information or system access to anyone you don’t know and trust. Both of these types of attacks are becoming more common. These attacks can happen to anyone (regardless of the management systems or data collectors they use), so it is important that you exercise best practices to protect yourself. …
As Car-Part.com and federal authorities will tell you, the threat from ransomware delivered through email and popups is still very real, and recyclers and collision repairers should remain vigilant. So should any small business.
There are steps you can take to protect yourself — including backing up data religiously and keeping it offsite in case of natural disasters. (A portable 500-gigabyte hard drive is about $50; buy one, back it up, and save the few hundred dollars ransomware attackers typically demand.)