Ransomware Attack Targets “Israeli” Ness IT Company

The details of the cyberattack remain unclear, but initial reports indicate that the attack may have begun in the “Israeli” entity and then spread to other Ness branches around the world.

Ness has worked for over two decades to develop and integrate software products and digital platforms for companies and government agencies.

"This is a significant, rolling event, which started at high intensities last night. There is currently chaos and we are trying to keep it low profile, with the company's internal intervention teams. At the moment we do not see it spreading to customers," said a source involved in handling the attack to Ynet.

Shachar Efal, CEO of Ness Technologies, told Ynet that all their systems had been tested and that there was no intrusion into the company or its customers, which include hundreds of customers in the “Israeli” entity.

Ness Technologies, which operates in the “Israeli” entity, stressed that it was not being affected by the cyberattack and that while they were connected to the Ness companies in India and the US in the past, they have not been connected for the past seven years.

The company has worked in the past with the “Israeli” Occupation Forces [IOF], “Israel” Aerospace Industries, “Israel” Post, the “Israel” Airport Authority and the Hebrew University, among other companies and government bodies.

According to Meyron, over 150 servers in the “Israeli” entity and about 1,000 servers outside of the entity are being scanned by McAfee in light of the attack. The managers of the company's India branch have reportedly begun managing the incident and have brought their insurer, AIG, into the picture.

A screenshot of the message displayed as part of the attack reads "Hello ness-digital-engineering! If you (sic) reading this message, it means your network was PENETRATED and all of your files and data has (sic) been ENCRYPTED by RAGNAR LOCKER!" The message instructs the company to contact a live chat provided in the message to resolve the case and "make a deal."

Companies targeted by the ransomware include the Capcom gaming company and the Italian beverage company Campari Group. The hacking group behind Ragnar Locker has even taken out Facebook ads through hacked accounts in order to publicize their ransom attacks.

The FBI advised companies to back-up critical data offline and securely, install and regularly update anti-virus or anti-malware software, use multi-factor authentication and keep devices patched and up-to-date, among other measures.

Meyron stressed that cyber insurance is "a necessary tool in any assessment plan, but only after real assessments have been made and the organization understands and knows what it will need to do, depending on which triggers and schedules, to activate the playbook and respond correctly and effectively to the attack."

The cybersecurity consultant explained that insurance policies are rarely precisely tailored to the needs of the company and added that in the attack on Ness, the incident managers in India were reporting a delayed response from AIG due to the different time zones involved in the incident.

"The event that is currently underway illustrates the real challenge of managing a cyber event," Meyron said. "The rate of spread is so fast. We know today that ransomware attacks can encrypt thousands of workstations in just a few hours and that does not even include the threat of disseminating the information itself, other misuse and other business, financial and legal damages yet to come."

The attack comes after a series of cyberattacks on “Israeli” businesses and institutions, including “Israel” Aerospace Industries, the Shirbit insurance company, Ben-Gurion University and the Amital software company.