According to a British cybersecurity firm, Hong Kong marketing business Fimmick has been attacked by ransomware. McDonald’s, Coca-Cola, Shell, Asus, and other high-profile clients are served by Fimmick’s offices in Hong Kong and throughout China.
Currently, their website is offline. Matt Lane, CEO of X Cyber Group, a cybersecurity business located in the United Kingdom, said his staff frequently “scrutinizes the actions of cybercriminals for proof of their behaviors” to safeguard clients and consumers. On Tuesday, they found that REvil had hacked Fimmick’s databases and claimed to have data from many international companies. Lane also shared relevant screenshots.
“We discovered this intelligence as part of those routine activities. We noted, with interest, that the attacker’s ‘Happy Blog’ also appears to be temporarily unavailable but have no further information as to why that might be,” Lane said. “You can see Cetaphil, Coca-Cola, Hana-Musubi and Kate Spade are listed.”
Because of their links to larger organizations with more valuable data, ransomware gangs have attacked marketing firms several times in recent years.
According to John Hammond, a senior security researcher at Huntress, the most appealing targets for ransomware operators are those that lead to new targets. Marketing agencies, public relations firms, and organizations that work closely with other businesses may have access to a wealth of data and information that makes identifying the next victim much easier.
As with service providers, attacking one might set off a chain reaction that targets others with whom the initial victim collaborated. Ransomware gangs might gain more return for their efforts by attacking a marketing or public relations business.
According to an expert from the cybersecurity firm Recorded Future, ransomware targeted at least three other marketing businesses in the previous year. Their names are Wieden+Kennedy, MBA Group, and Empirical Research Partners.
The number of marketing businesses affected is certainly far greater, but unlike schools or hospitals, it seldom makes the headlines when a marketing firm is struck by ransomware.