Base Operations raises $2.2 million to modernize physical enterprise security

Typically when we talk about tech and security, the mind naturally jumps to cybersecurity. But equally important, especially for global companies with large, multinational organizations, is physical security – a key function at most medium-to-large enterprises, and yet one that to date, hasn’t really done much to take advantage of recent advances in technology. Enter Base Operations, a startup founded by risk management professional Cory Siskind in 2018. Base Operations just closed their $2.2 million seed funding round, and will use the money to capitalize on its recent launch of a street-level threat mapping platform for use in supporting enterprise security operations.

The funding, led by Good Growth Capital and including investors like Magma Partners, First In Capital, Gaingels and First Round Capital founder Howard Morgan, will be used primarily for hiring, as Base Operations looks to continue its team growth after doubling its employe base this past month. It’ll also be put to use extending and improving the company’s product, and growing the startup’s global footprint. I talked to Siskind about her company’s plans on the heels of this round, as well as the wider opportunity and how her company is serving the market in a novel way.

“What we do at Base Operations is help companies keep their people in operation secure with ‘Micro Intelligence,’ which is street-level threat assessments that facilitate a variety of routine security tasks in the travel security, real estate and supply chain security buckets,” Siskind explained. “Anything that the Chief Security Officer would be in charge of, but not cyber – so anything that intersects with the physical world.”

Siskind has first-hand experience about the complexity and challenges that enter into enterprise security, since she began her career working for global strategic risk consultancy firm Control Risks in Mexico City. Because of her time in the industry, she’s keenly aware of just how far physical and political security operations lag behind their cybersecurity counterparts. It’s an often-overlooked aspect of corporate risk management, particularly since in the past it’s been something that most employees at North American companies only ever encounter periodically, when their roles involve frequent travel. The events of the past couple of years have changed that, however.

“This was the last bastion of a company that hadn’t been optimized by a SaaS platform, basically, so there was some resistance and some allegiance to legacy players,” Siskind told me. “However, the events of 2020 sort of turned everything on its head, and companies realized that the security department ,and what happens in the physical world, is not just about compliance – it’s actually a strategic advantage to invest in those sort of services, because it helps you maintain business continuity.”

The COVID-19 pandemic, increased frequency and severity of natural disasters, and global political unrest all had significant impact on businesses worldwide in 2020, and Siskind says that this has proven a watershed moment in how enterprises consider physical security in their overall risk profile and strategic planning cycles.

“[Companies] have just realized that if you don’t invest and how to keep your operations running smoothly in the face of rising catastrophic events, you’re never going to achieve the the profits that you need, because it’s too choppy, and you have all sorts of problems,” she said.

Base Operations addresses this problem by taking available data from a range of sources and pulling it together to inform threat profiles. Their technology is all about making sense of the myriad stream of information we encounter daily – taking the wash of news that we sometimes associate with ‘doom-scrolling’ on social media, for instance, and combining it with other sources using machine learning to extrapolate actionable insights.

Those sources of information include “government statistics, social media, local news, data from partnerships, like NGOs and universities,” Siskind said. That data set powers their Micro Intelligence platform, and while the startup’s focus today is on helping enterprises keep people safe, while maintaining their operations, you can easily see how the same information could power everything from planning future geographical expansion, to tailoring product development to address specific markets.

Siskind saw there was a need for this kind of approach to an aspect of business that’s essential, but that has been relatively slow to adopt new technologies. From her vantage point two years ago, however, she couldn’t have anticipated just how urgent the need for better, more scalable enterprise security solutions would arise, and Base Operations now seems perfectly positioned to help with that need.

Base Operations raises $2.2 million to modernize physical enterprise security

Typically when we talk about tech and security, the mind naturally jumps to cybersecurity. But equally important, especially for global companies with large, multinational organizations, is physical security – a key function at most medium-to-large enterprises, and yet one that to date, hasn’t really done much to take advantage of recent advances in technology. Enter Base Operations, a startup founded by risk management professional Cory Siskind in 2018. Base Operations just closed their $2.2 million seed funding round, and will use the money to capitalize on its recent launch of a street-level threat mapping platform for use in supporting enterprise security operations.

The funding, led by Good Growth Capital and including investors like Magma Partners, First In Capital, Gaingels and First Round Capital founder Howard Morgan, will be used primarily for hiring, as Base Operations looks to continue its team growth after doubling its employe base this past month. It’ll also be put to use extending and improving the company’s product, and growing the startup’s global footprint. I talked to Siskind about her company’s plans on the heels of this round, as well as the wider opportunity and how her company is serving the market in a novel way.

“What we do at Base Operations is help companies keep their people in operation secure with ‘Micro Intelligence,’ which is street-level threat assessments that facilitate a variety of routine security tasks in the travel security, real estate and supply chain security buckets,” Siskind explained. “Anything that the Chief Security Officer would be in charge of, but not cyber – so anything that intersects with the physical world.”

Siskind has first-hand experience about the complexity and challenges that enter into enterprise security, since she began her career working for global strategic risk consultancy firm Control Risks in Mexico City. Because of her time in the industry, she’s keenly aware of just how far physical and political security operations lag behind their cybersecurity counterparts. It’s an often-overlooked aspect of corporate risk management, particularly since in the past it’s been something that most employees at North American companies only ever encounter periodically, when their roles involve frequent travel. The events of the past couple of years have changed that, however.

“This was the last bastion of a company that hadn’t been optimized by a SaaS platform, basically, so there was some resistance and some allegiance to legacy players,” Siskind told me. “However, the events of 2020 sort of turned everything on its head, and companies realized that the security department ,and what happens in the physical world, is not just about compliance – it’s actually a strategic advantage to invest in those sort of services, because it helps you maintain business continuity.”

The COVID-19 pandemic, increased frequency and severity of natural disasters, and global political unrest all had significant impact on businesses worldwide in 2020, and Siskind says that this has proven a watershed moment in how enterprises consider physical security in their overall risk profile and strategic planning cycles.

“[Companies] have just realized that if you don’t invest and how to keep your operations running smoothly in the face of rising catastrophic events, you’re never going to achieve the the profits that you need, because it’s too choppy, and you have all sorts of problems,” she said.

Base Operations addresses this problem by taking available data from a range of sources and pulling it together to inform threat profiles. Their technology is all about making sense of the myriad stream of information we encounter daily – taking the wash of news that we sometimes associate with ‘doom-scrolling’ on social media, for instance, and combining it with other sources using machine learning to extrapolate actionable insights.

Those sources of information include “government statistics, social media, local news, data from partnerships, like NGOs and universities,” Siskind said. That data set powers their Micro Intelligence platform, and while the startup’s focus today is on helping enterprises keep people safe, while maintaining their operations, you can easily see how the same information could power everything from planning future geographical expansion, to tailoring product development to address specific markets.

Siskind saw there was a need for this kind of approach to an aspect of business that’s essential, but that has been relatively slow to adopt new technologies. From her vantage point two years ago, however, she couldn’t have anticipated just how urgent the need for better, more scalable enterprise security solutions would arise, and Base Operations now seems perfectly positioned to help with that need.

2020 was a disaster, but the pandemic put security in the spotlight

Let’s preface this year’s predictions by acknowledging and admitting how hilariously wrong we were when this time last year we said that 2020 “showed promise.”

In fairness (almost) nobody saw a pandemic coming.

With 2020 wrapping up, much of the security headaches exposed by the pandemic will linger into the new year.

The pandemic is, and remains, a global disaster of epic proportions that’s forced billions of people into lockdown, left economies in tatters with companies (including startups) struggling to stay afloat. The mass shifting of people working from home brought security challenges with it, like how to protect your workforce when employees are working outside the security perimeter of their offices. But it’s forced us to find and solve solutions to some of the most complex challenges, like pulling off a secure election and securing the supply chain for the vaccines that will bring our lives back to some semblance of normality.

With 2020 wrapping up, much of the security headaches exposed by the pandemic will linger into the new year. This is what to expect.

Working from home has given hackers new avenues for attacks

The sudden lockdowns in March drove millions to work from home. But hackers quickly found new and interesting ways to target big companies by targeting the employees themselves. VPNs were a big target because of outstanding vulnerabilities that many companies didn’t bother to fix. Bugs in enterprise software left corporate networks open to attack. The flood of personal devices logging onto the network — and the influx of malware with it — introduced fresh havoc.

Sophos says that this mass decentralizing of the workforce has turned us all into our own IT departments. We have to patch our own computers, install security updates, and there’s no IT just down the hallway to ask if that’s a phishing email.

Companies are having to adjust to the cybersecurity challenges, since working from home is probably here to stay. Managed service providers, or outsourced IT departments, have a “huge opportunity to benefit from the work-from-home shift,” said Grayson Milbourne, security intelligence director at cybersecurity firm Webroot.

Ransomware has become more targeted and more difficult to escape

File-encrypting malware, or ransomware, is getting craftier and sneakier. Where traditional ransomware would encrypt and hold a victim’s files hostage in exchange for a ransom payout, the newer and more advanced strains first steal a victim’s files, encrypt the network and then threaten to publish the stolen files if the ransom isn’t paid.

This data-stealing ransomware makes escaping an attack far more difficult because a victim can’t just restore their systems from a backup (if there is one). CrowdStrike’s chief technology officer Michael Sentonas calls this new wave of ransomware “double extortion” because victims are forced to respond to the data breach as well.

The healthcare sector is under the closest guard because of the pandemic. Despite promises from some (but not all) ransomware groups that hospitals would not be deliberately targeted during the pandemic, medical practices were far from immune. 2020 saw several high profile attacks. A ransomware attack at Universal Health Services, one of the largest healthcare providers in the U.S., caused widespread disruption to its systems. Just last month U.S. Fertility confirmed a ransomware attack on its network.

These high-profile incidents are becoming more common because hackers are targeting their victims very carefully. These hyperfocused attacks require a lot more skill and effort but improve the hackers’ odds of landing a larger ransom — in some cases earning the hackers millions of dollars from a single attack.

“This coming year, these sophisticated cyberattacks will put enormous stress on the availability of services — in everything from rerouted healthcare services impacting patient care, to availability of online and mobile banking and finance platforms,” said Sentonas.

2020 was a disaster, but the pandemic put security in the spotlight

Let’s preface this year’s predictions by acknowledging and admitting how hilariously wrong we were when this time last year we said that 2020 “showed promise.”

In fairness (almost) nobody saw a pandemic coming.

With 2020 wrapping up, much of the security headaches exposed by the pandemic will linger into the new year.

The pandemic is, and remains, a global disaster of epic proportions that’s forced billions of people into lockdown, left economies in tatters with companies (including startups) struggling to stay afloat. The mass shifting of people working from home brought security challenges with it, like how to protect your workforce when employees are working outside the security perimeter of their offices. But it’s forced us to find and solve solutions to some of the most complex challenges, like pulling off a secure election and securing the supply chain for the vaccines that will bring our lives back to some semblance of normality.

With 2020 wrapping up, much of the security headaches exposed by the pandemic will linger into the new year. This is what to expect.

Working from home has given hackers new avenues for attacks

The sudden lockdowns in March drove millions to work from home. But hackers quickly found new and interesting ways to target big companies by targeting the employees themselves. VPNs were a big target because of outstanding vulnerabilities that many companies didn’t bother to fix. Bugs in enterprise software left corporate networks open to attack. The flood of personal devices logging onto the network — and the influx of malware with it — introduced fresh havoc.

Sophos says that this mass decentralizing of the workforce has turned us all into our own IT departments. We have to patch our own computers, install security updates, and there’s no IT just down the hallway to ask if that’s a phishing email.

Companies are having to adjust to the cybersecurity challenges, since working from home is probably here to stay. Managed service providers, or outsourced IT departments, have a “huge opportunity to benefit from the work-from-home shift,” said Grayson Milbourne, security intelligence director at cybersecurity firm Webroot.

Ransomware has become more targeted and more difficult to escape

File-encrypting malware, or ransomware, is getting craftier and sneakier. Where traditional ransomware would encrypt and hold a victim’s files hostage in exchange for a ransom payout, the newer and more advanced strains first steal a victim’s files, encrypt the network and then threaten to publish the stolen files if the ransom isn’t paid.

This data-stealing ransomware makes escaping an attack far more difficult because a victim can’t just restore their systems from a backup (if there is one). CrowdStrike’s chief technology officer Michael Sentonas calls this new wave of ransomware “double extortion” because victims are forced to respond to the data breach as well.

The healthcare sector is under the closest guard because of the pandemic. Despite promises from some (but not all) ransomware groups that hospitals would not be deliberately targeted during the pandemic, medical practices were far from immune. 2020 saw several high profile attacks. A ransomware attack at Universal Health Services, one of the largest healthcare providers in the U.S., caused widespread disruption to its systems. Just last month U.S. Fertility confirmed a ransomware attack on its network.

These high-profile incidents are becoming more common because hackers are targeting their victims very carefully. These hyperfocused attacks require a lot more skill and effort but improve the hackers’ odds of landing a larger ransom — in some cases earning the hackers millions of dollars from a single attack.

“This coming year, these sophisticated cyberattacks will put enormous stress on the availability of services — in everything from rerouted healthcare services impacting patient care, to availability of online and mobile banking and finance platforms,” said Sentonas.

5 questions every IT team should to be able to answer

Now more than ever, IT teams play a vital role in keeping their businesses running smoothly and securely. With all of the assets and data that are now broadly distributed, a CEO depends on their IT team to ensure employees remain connected and productive and that sensitive data remains protected.

CEOs often visualize and measure things in terms of dollars and cents, and in the face of continuing uncertainty, IT — along with most other parts of the business — is facing intense scrutiny and tightening of budgets. So, it is more important than ever to be able to demonstrate that they’ve made sound technology investments and have the agility needed to operate successfully in the face of continued uncertainty.

For a CEO to properly understand risk exposure and make the right investments, IT departments have to be able to confidently communicate what types of data are on any given device at any given time.

Here are five questions that IT teams should be ready to answer when their CEO comes calling:

What have we spent our money on?

Or, more specifically, exactly how many assets do we have? And, do we know where they are? While these seem like basic questions, they can be shockingly difficult to answer … much more difficult than people realize. The last several months in the wake of the COVID-19 outbreak have been the proof point.

With the mass exodus of machines leaving the building and disconnecting from the corporate network, many IT leaders found themselves guessing just how many devices had been released into the wild and gone home with employees.

One CIO we spoke to estimated they had “somewhere between 30,000 and 50,000 devices” that went home with employees, meaning there could have been up to 20,000 that were completely unaccounted for. The complexity was further compounded as old devices were pulled out of desk drawers and storage closets to get something into the hands of employees who were not equipped to work remotely. Companies had endpoints connecting to corporate network and systems that they hadn’t seen for years — meaning they were out-of-date from a security perspective as well.

This level of uncertainty is obviously unsustainable and introduces a tremendous amount of security risk. Every endpoint that goes unaccounted for not only means wasted spend but also increased vulnerability, greater potential for breach or compliance violation, and more. In order to mitigate these risks, there needs to be a permanent connection to every device that can tell you exactly how many assets you have deployed at any given time — whether they are in the building or out in the wild.

Are our devices and data protected?

Device and data security go hand in hand; without the ability to see every device that is deployed across an organization, it becomes next to impossible to know what data is living on those devices. When employees know they are leaving the building and going to be off network, they tend to engage in “data hoarding.”

Maze, a notorious ransomware group, says it’s shutting down

One of the most active and notorious data-stealing ransomware groups, Maze, says it is “officially closed.”

The announcement came as a waffling statement, riddled with spelling mistakes and published on its website on the dark web, which for the past year has published vast troves of stolen internal documents and files from the companies it targeted, including Cognizant, cybersecurity insurance firm Chubb, pharmaceutical giant ExecuPharm, Tesla and SpaceX parts supplier Visser and defense contractor Kimchuk.

Where typical ransomware groups would infect a victim with file-encrypting malware and hold the files for a ransom, Maze gained notoriety for first exfiltrating a victim’s data and threatening to publish the stolen files unless the ransom was paid.

It quickly became the preferred tactic of ransomware groups, which set up websites — often on the dark web — to leak the files it stole if the victim refused to pay up.

Maze initially used exploit kits and spam campaigns to infect its victims, but later began using known security vulnerabilities to specifically target big-name companies. Maze was known to use vulnerable virtual private network (VPN) and remote desktop (RDP) servers to launch targeted attacks against its victim’s network.

Some of the demanded ransoms reached into the millions of dollars. Maze reportedly demanded $6 million from one Georgia-based wire and cable manufacturer, and $15 million from one unnamed organization after the group encrypted its network. But after COVID-19 was declared a pandemic in March, Maze — as well as other ransomware groups — promised to not target hospitals and medical facilities.

But security experts aren’t celebrating just yet. After all, ransomware gangs are still criminal enterprises, many of which are driven by profit.

A statement by the Maze ransomware group, claiming it has shut down. Screenshot: TechCrunch

“Obviously, Maze’s claims should be taken with a very, very small pinch of salt,” said Brett Callow, a ransomware expert and threat analyst at security firm Emsisoft . “It’s certainly possible that the group feels they have made enough money to be able to close shop and sail off into the sunset. However, it’s also possible — and probably more likely — that they’ve decided to rebrand.”

Callow said the group’s apparent disbanding leaves open questions about the Maze group’s connections and involvement with other groups. “As Maze was an affiliate operation, their partners in crime are unlikely to retire and will instead simply align themselves with another group,” he said.

Maze denied that it was a “cartel” of ransomware groups in its statement, but experts disagree. Steve Ragan, a security researcher at Akamai, said Maze was known to post on its website data from other ransomware, like Ragnar Locker and the LockBit ransomware-for-hire.

“For them to pretend now that there was no team-up or cartel is just plain backwards. Clearly these groups were working together on many levels,” said Ragan.

“The downside to this, and the other significant element, is that nothing will change, Ransomware is still going to be out there,” said Ragan. “Criminals are still targeting open access, exposed RDP [remote desktop protocol] and VPN portals, and still sending malicious emails with malicious attachments in the hope of infecting unsuspecting victims on the internet,” he said.

Jeremy Kennelly at FireEye’s Mandiant threat intelligence unit said that while the Maze brand may be dead, its operators are likely not gone for good.

“We assess with high confidence that many of the individuals and groups that collaborated to enable the Maze ransomware service will likely continue to engage in similar operations — either working to support existing ransomware services or supporting novel operations in the future,” said Kennelly.

Google reveals a new Windows zero-day bug it says is under active attack

Google has dropped details of a previously undisclosed vulnerability in Windows, which it says hackers are actively exploiting. As a result, Google gave Microsoft just a week to fix the vulnerability. That deadline came and went, and Google published details of the vulnerability this afternoon.

The vulnerability has no name but is labeled CVE-2020-17087, and affects at least Windows 7 and Windows 10.

Google’s Project Zero, the elite group of security bug hunters which made the discovery, said the bug allows an attacker to escalate their level of user access in Windows. Attackers are using the Windows vulnerability in conjunction with a separate bug in Chrome, which Google disclosed and fixed last week. This new bug allows an attacker to escape Chrome’s sandbox, normally isolated from other apps, and run malware on the operating system.

In a tweet, Project Zero’s technical lead Ben Hawkes said Microsoft plans to issue a patch on November 10.

Microsoft didn’t independently confirm this date when asked, but said in a statement: “Microsoft has a customer commitment to investigate reported security issues and update impacted devices to protect customers. While we work to meet all researchers’ deadlines for disclosures, including short-term deadlines like in this scenario, developing a security update is a balance between timeliness and quality, and our ultimate goal is to help ensure maximum customer protection with minimal customer disruption.”

But it’s unclear who the attackers are or their motives. Google’s director of threat intelligence Shane Huntley said that the attacks were “targeted” and not related to the U.S. election.

A Microsoft spokesperson also added that the reported attack is “very limited and targeted in nature, and we have seen no evidence to indicate widespread usage.”

It’s the latest in a list of major flaws affecting Windows this year. Microsoft said in January that the National Security Agency helped find a cryptographic bug in Windows 10, though there was no evidence of exploitation. But in June and September, Homeland Security issued alerts over two “critical” Windows bugs — one which had the ability to spread across the internet, and the other could have gained complete access to an entire Windows network.

Updated with comment from Microsoft.

U.S. charges Russian hackers blamed for Ukraine power outages and the NotPetya ransomware attack

Six Russian intelligence officers accused of launching some of the “world’s most destructive malware” — including an attack that took down the Ukraine power grid in December 2015 and the NotPetya global ransomware attack in 2017 — have been charged by the U.S. Justice Department.

Prosecutors said the group of hackers, who work for the Russian GRU, are behind the “most disruptive and destructive series of computer attacks ever attributed to a single group.”

“No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite,” said John Demers, U.S. U.S. assistant attorney general for national security. “Today the Department has charged these Russian officers with conducting the most disruptive and destructive series of computer attacks ever attributed to a single group, including by unleashing the NotPetya malware. No nation will recapture greatness while behaving in this way.”

The six accused Russian intelligence officers. (Image: FBI/supplied)

In charges laid out Monday, the hackers are accused of developing and launching attacks using the KillDisk and Industroyer (also known as Crash Override) to target and disrupt the power supply in Ukraine, which left hundreds of thousands of customers without electricity two days before Christmas. The prosecutors also said the hackers were behind the NotPetya attack, a ransomware attack that spread across the world in 2017, causing billions of dollars in damages.

The hackers are also said to have used Olympic Destroyer, designed to knock out internet connections during the opening ceremony of the 2018 PyeongChang Winter Olympics in South Korea.

Prosecutors also blamed the six hackers for trying to disrupt the 2017 French elections by launching a “hack and leak” operation to discredit the then-presidential frontrunner, Emmanuel Macron, as well as launching targeted spearphishing attacks against the Organization for the Prohibition of Chemical Weapons and the U.K.’s Defense Science and Technology Laboratory, tasked with investigating the use of the Russian nerve agent Novichok in Salisbury, U.K. in 2018, and attacks against targets in Georgia, the former Soviet state.

The alleged hackers — Yuriy Sergeyevich Andrienko, 32; Sergey Vladimirovich Detistov, 35; Pavel Valeryevich Frolov, 28; Anatoliy Sergeyevich Kovalev, 29; Artem Valeryevich Ochichenko, 27; and Petr Nikolayevich Pliskin, 32 — are all charged with seven counts of conspiracy to hack, commit wire fraud, and causing computer damage.

The accused are believed to be in Russia. But the indictment serves as a “name and shame” effort, frequently employed by Justice Department prosecutors in recent years where arrests or extraditions are not likely or possible.

Healthcare giant UHS hit by ransomware attack, sources say

Universal Health Services, one of the largest healthcare providers in the U.S., has been hit by a ransomware attack.

The attack hit UHS systems early on Sunday morning, according to two people with direct knowledge of the incident, locking computers and phone systems at several UHS facilities across the country, including in California and Florida.

One of the people said the computer screens changed with text that referenced the “shadow universe,” consistent with the Ryuk ransomware. “Everyone was told to turn off all the computers and not to turn them on again,” the person said. “We were told it will be days before the computers are up again.”

It’s not immediately known what impact the ransomware attack is having on patient care.

An executive who oversees cybersecurity at another U.S. hospital system, who asked not to be named as they were not authorized to speak to the press, told TechCrunch that patient medical data is “likely safe” as UHS relies on Cerner, a healthcare technology company, to handle its patients’ electronic health records.

UHS has 400 hospitals and healthcare facilities in the U.S. and the U.K., and serves millions of patients each year.

A spokesperson for UHS did not immediately respond to a request for comment.

The Ryuk ransomware is linked to a Russian cybercrime group, known as Wizard Spider, according to security firm Crowdstrike. Ryuk’s operators are known to go “big game hunting” and have previously targeted large organizations, including shipping giant Pitney Bowes and the U.S. Coast Guard.

Some ransomware operators said earlier this year that they would not attack health organizations and hospitals during the COVID-19 pandemic, but Ryuk’s operators did not.

Last week, police in Germany launched a homicide investigation after a woman died after she was redirected to another hospital following a ransomware attack.

We’ll have more on the UHS incident as we get it.


Send tips securely over Signal and WhatsApp to +1 646-755-8849 or send an encrypted email to: [email protected]

Cyber threat startup Cygilant hit by ransomware

Cygilant, a threat detection cybersecurity company, has confirmed a ransomware attack.

Christina Lattuca, Cygilant’s chief financial officer, said in a statement that the company was “aware of a ransomware attack impacting a portion of Cygilant’s technology environment.”

“Our Cyber Defense and Response Center team took immediate and decisive action to stop the progression of the attack. We are working closely with third-party forensic investigators and law enforcement to understand the full nature and impact of the attack. Cygilant is committed to the ongoing security of our network and to continuously strengthening all aspects of our security program,” the statement said.

Cygilant is believed to be the latest victim of NetWalker, a ransomware-as-a-service group, which lets threat groups rent access to its infrastructure to launch their own attacks, according to Brett Callow, a ransomware expert and threat analyst at security firm Emsisoft .

The file-encrypting malware itself not only scrambles a victim’s files but also exfiltrates the data to the hacker’s servers. The hackers typically threaten to publish the victim’s files if the ransom isn’t paid.

A site on the dark web associated with the NetWalker ransomware group posted screenshots of internal network files and directories believed to be associated with Cygilant.

Cygilant did not say if it paid the ransom. But at the time of writing, the dark web listing with Cygilant’s data had disappeared.

“Groups permanently delist companies when they’ve paid or, in some cases, temporarily delist them once they’ve agreed to come to the negotiating table,” said Callow. “NetWalker has temporarily delisted pending negotiations in at least one other case.”