Zaun, a UK company that supplies military bases with high-security fencing, suffered a partially successful ransomware attack, with the hackers’ apparent point of entry a PC endpoint running the obsolete Windows 7 software.
In a statement, Zaun admitted the LockBit threat actor managed to compromise the company’s infrastructure and steal roughly 10GB of data.
It did not manage to deploy the ransomware encryptor, and the company also said that the attackers didn’t take any sensitive information.
“We do not believe that any classified documents were stored on the system or have been compromised,” the announcement reads, adding that LockBit appears to have published the stolen data on the dark web.
The National Cyber Security Centre (NCSC) and the UK’s Information Commissioner’s Office (ICO) were both notified of the incident.
Ransomware is a relatively novel method of cybercrime that’s only been around for a couple of years, but since hackers can extort the victims for millions of dollars, it quickly rose to fame. The wider cybersecurity community, as well as law enforcement, have since been urging organizations to keep their endpoints secure, not just by enforcing strong password policies and multi-factor authentication, but also by regularly deploying patches and updates.
When software reaches its end-of-life date, like Windows 7 did back in early 2020, it no longer receives updates. Hence, if someone for example discovers a high-severity flaw that grants remote code execution capabilities, the software’s makers will not release a patch and users will be left at risk. For Windows 7, Microsoft offered Extended Security Updates for sale, but the service was shut down in early 2023. Mainstream support ended in 2015, and the OS’ end of life was in January 10, 2020.
LockBit is one of the largest and most active ransomware operators around, which has so far assaulted dozens of organizations around the world.