Seemingly dozens of notable organizations each day are disclosing that they have been hit with a ransomware attack, including governments, hospitals and now toymaker Mattel.
The manufacturer of toys disclosed in its quarterly report filed with the U.S. Securities and Exchange Commission that ransomware attack this past summer caused “a number of systems to be encrypted.”
On July 28, 2020, Mattel discovered that it was the victim of a ransomware attack on its information technology systems that caused data on a number of systems to be encrypted.
Promptly upon detection of the attack, Mattel began enacting its response protocols and taking a series of measures to stop the attack and restore impacted systems. Mattel contained the attack and, although some business functions were temporarily impacted, Mattel restored its operations.
A forensic investigation of the incident has concluded, and no exfiltration of any sensitive business data or retail customer, supplier, consumer, or employee data was identified. There has been no material impact to Mattel’s operations or financial condition as a result of the incident.
The filing didn’t elaborate further on the attack, but a report from BleepingComputer indicates that notorious botnet TrickBot may have been the culprit.
Microsoft and an international group of tech organizations earlier this year worked together to secure a U.S. court order to disrupt Trickbot and cut off key infrastructure so the operators of Trickbot can’t initiate new infections or activate ransomware that has already been dropped into computer systems.
Microsoft announced that news just last month, so it’s entirely feasible that Trickbot infected Mattel before Microsoft and other organizations took that action.
The court order allowed Microsoft and its partners to disable the IP addresses Microsoft identified during its investigation. That rendered the content stored on the command and control servers inaccessible and suspended all services to the botnet operators.
It also blocked their efforts to purchase or lease additional services.
The action also helps to protect other organizations across various industries like financial services, government, healthcare, universities and other businesses.