SeaChange video delivery provider discloses REVIL ransomware attack

US-based supplier of video delivery software solutions, SeaChange International, revealed that a ransomware attack disrupted its operations in Q1 2020.

SeaChange International, a US-based supplier of video delivery software solutions, revealed that a ransomware attack has disrupted its operations during the first quarter of 2020.

SeaChange’s customers include major organizations such as BBC, Cox, Verizon, AT&T, Vodafone, Direct TV, Liberty Global, and Dish Network Corporation.

In April, SeaChange International was the victim of the Sodinokibi Ransomware gang.

At the time of the attack, the ransomware operators published images of the data they claim to have stolen before encrypting the systems at the company.

The news was also confirmed by the experts at the data breach notification service Under the Breach.

Sodinokibi/REVil ransomware operators posted images of SeaChange’s data on the leak site, they have created a page to the company containing images of allegedly stolen documents.

These images include a screenshot of folders on a SeaChange server compromised by the gang, insurance certificates, a driver’s license, and a cover letter for a proposal sent to the Pentagon.

After months of silence, SeaChange finally confirmed the ransomware attack, the company filed a 10-Q quarterly report with the US Securities and Exchange Commission (SEC).

“In the first quarter of fiscal 2021, we experienced a ransomware attack on our information technology system,” reads the report.

“While such attack did not have a material adverse effect on our business operation, it caused a temporary disruption. A forensic investigation is being conducted to determine if any data was compromised.”

The company did not disclose details of the attack, at the time the experts from BadPackets pointed out that attackers might have exploited the Pulse Secure VPN CVE-2019-11510 to compromise the company.

BadPackets reported that SeaChange had a Pulse Secure VPN server (https://vpn.schange.com ) vulnerable to CVE-2019-11510 from April 24, 2019 until March 24, 2020.

Recently, the Chilean bank BancoEstado, one of the country’s biggest banks, was forced to shut down all branches following a REVil ransomware attack..

The REvil ransomware gang is one of the most active groups, in the past, the operators have targeted Pulse Secure and Citrix VPN and enterprise gateway systems as entry points.

The list of victims is long and includes Telecom Argentina, Sri Lanka Telecom, Valley Health Systems, Australian firm Lion, Brown-Forman, the electrical energy company Light S.A., and Elexon electrical middleman.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Seachange)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.