Conversation

Notices

1. Embed this notice
   Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 03-Dec-2024 06:40:21 JST Kevin Beaumont

   ENGlobal Corporation, an energy company, have filed an 8K with the SEC for ransomware (missing the word ransomware). https://www.sec.gov/ix?doc=/Archives/edgar/data/933738/000165495424015098/eng_8k.htm

   #threatintel #ransomware

   • Embed this notice
     sysop (iam_sysop@cyberplace.social)'s status on Wednesday, 04-Dec-2024 08:06:25 JST sysop

     in reply to

     @GossiTheDog

     follow-up from El-Reg -- this seems a juicy target --

     https://www.theregister.com/2024/12/03/us_energy_contractor_englobal_ransomware/

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 28-Jan-2025 07:34:28 JST Kevin Beaumont

     in reply to

     ENGlobal Corporation has filed an updated 8K with the SEC to say they have evicted the ransomware actor from their network and restored service, two months later. #threatintel #ransomware

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 28-Jan-2025 08:33:48 JST Kevin Beaumont

     in reply to

     ENGlobal took a 21% stock price fall as soon as their initial 8K for cyberattack was filed as it hasn’t recovered since.

     I think in some cases it might be better to explicitly say ransomware as investors may understand there’s established playbooks for that - cyberattack or cyber incident leaves a lot of questions and I think may spook investors.

     #threatintel #ransomware

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 28-Jan-2025 08:46:00 JST Kevin Beaumont

     in reply to

     • Dissent Doe :cupofcoffee:

     @PogoWasRight that’s fair. Although in this case they said neither. I’ve been watching stock prices and the ones who are vague suffer.

   • Embed this notice
     Dissent Doe :cupofcoffee: (pogowasright@infosec.exchange)'s status on Tuesday, 28-Jan-2025 08:46:01 JST Dissent Doe :cupofcoffee:

     in reply to

     @GossiTheDog Being explicit that an attack is "ransomware" is only really helpful if we all only call an attack "ransomware" if ransomware is actually deployed and encrypts the victim's files. If there's no encryption of files, maybe we should call it a hack with an extortion attempt. Right now, too many folks use "ransomware" to describe incidents in which nothing's encrypted and I think that creates a wrong impression and may cause even more unease.