SeaChange video delivery provider discloses REVIL ransomware attack

US-based supplier of video delivery software solutions, SeaChange International, revealed that a ransomware attack disrupted its operations in Q1 2020.

SeaChange International, a US-based supplier of video delivery software solutions, revealed that a ransomware attack has disrupted its operations during the first quarter of 2020.

SeaChange’s customers include major organizations such as BBC, Cox, Verizon, AT&T, Vodafone, Direct TV, Liberty Global, and Dish Network Corporation.

In April, SeaChange International was the victim of the Sodinokibi Ransomware gang.

At the time of the attack, the ransomware operators published images of the data they claim to have stolen before encrypting the systems at the company.

The news was also confirmed by the experts at the data breach notification service Under the Breach.

Sodinokibi/REVil ransomware operators posted images of SeaChange’s data on the leak site, they have created a page to the company containing images of allegedly stolen documents.

These images include a screenshot of folders on a SeaChange server compromised by the gang, insurance certificates, a driver’s license, and a cover letter for a proposal sent to the Pentagon.

After months of silence, SeaChange finally confirmed the ransomware attack, the company filed a 10-Q quarterly report with the US Securities and Exchange Commission (SEC).

“In the first quarter of fiscal 2021, we experienced a ransomware attack on our information technology system,” reads the report.

“While such attack did not have a material adverse effect on our business operation, it caused a temporary disruption. A forensic investigation is being conducted to determine if any data was compromised.”

The company did not disclose details of the attack, at the time the experts from BadPackets pointed out that attackers might have exploited the Pulse Secure VPN CVE-2019-11510 to compromise the company.

BadPackets reported that SeaChange had a Pulse Secure VPN server (https://vpn.schange.com ) vulnerable to CVE-2019-11510 from April 24, 2019 until March 24, 2020.

Recently, the Chilean bank BancoEstado, one of the country’s biggest banks, was forced to shut down all branches following a REVil ransomware attack..

The REvil ransomware gang is one of the most active groups, in the past, the operators have targeted Pulse Secure and Citrix VPN and enterprise gateway systems as entry points.

The list of victims is long and includes Telecom Argentina, Sri Lanka Telecom, Valley Health Systems, Australian firm Lion, Brown-Forman, the electrical energy company Light S.A., and Elexon electrical middleman.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Seachange)

[adrotate banner=”5″]

[adrotate banner=”13″]