Popular staffing company Randstad has suffered a ransomware attack in which threat actors stole unencrypted files from its network. In an official release, the HR agency stated that the Egregor ransomware group illicitly obtained access to the company’s global IT environment, which affected certain servers. The incident impacted operations in the U.S., Poland, Italy, and France offices.
While there is no information on what data has been accessed by attackers, the company stated that its systems are running without interruption and there has not been any disruption in operations. Randstad has engaged third-party cybersecurity and forensic experts to investigate the incident. The company also highlighted that malicious actors have become highly sophisticated and aggressive in recent months, resulting in numerous cyberattacks on organizations globally.
“Prompt global action was taken to mitigate the incident while further protecting Randstad’s systems, operations, and data. As a result, a limited number of servers were impacted. Our systems have continued running without interruption and there has not been any disruption to our operations. Based on our current investigation, there is no indication that any third-party systems were impacted. Relevant regulatory authorities and law enforcement agencies have been notified,” Randstad stated.
Egregor Targeting Global Firms
Cybersecurity researchers from Appgate recently stated that the Egregor ransomware variant is targeting organizations globally to encrypt files that hold sensitive information. Egregor seems to be derived from the Sekhmet malware family. The threat group uses code obfuscation and packed payloads to escape security detection. The researchers also found Egregor’s news website, hosted on the dark web, is used for leaking stolen data and other malicious activities. Read the full story here…