Cybersecurity firm Rubrik confirms breach


US-based data security company Rubrik has confirmed there was “unauthorized access” to one of its servers amid reports of a Cl0p ransomware attack.

Rubrik’s name and data samples, allegedly taken from the company, appeared on the dark-web website of a Russia-linked ransomware syndicate, named Cl0p, earlier this week.

Michael Mestrovich, the Silicon Valley security company’s chief information security officer (CISO), said Rubrik detected unauthorized access to one of its “non-production IT testing environments.”


The company said that threat actors breached Rubrik using a zero-day remote code execution (RCE) bug in a product from one of its vendors, Fortra, the developer of the GoAnywhere managed file transfer (MFT) software.

Rubrik's details on Cl0p's blog. Image by Cybernews.

“Importantly, based on our current investigation, being conducted with the assistance of third-party forensics experts, the unauthorized access did not include any data we secure on behalf of our customers via any Rubrik products,” Mestrovich said.

Rubrik’s CISO said an internal investigation showed that “there was no lateral movement,” meaning the attackers did not manage to reach other parts of the company’s IT infrastructure. The company insists that no sensitive data, such as social security numbers, financial account numbers, or payment details, was accessed.

However, the exposed data “includes certain customer and partner company names, business contact information, and a limited number of purchase orders from Rubrik distributors.”

The data description mentioned in the company’s blog seems to match the data sample seen by Cybernews on Cl0p’s dark-web blog.

Rubrik was founded in 2014 and boasts 4,500 customers. The company employs over 2,500 people and maintains a global presence via 16 offices worldwide. Rubrik’s notable customers include the Japanese automaker Honda, US retailer Home Depot, insurance giant Allstate, and others.

Cybercriminals used the GoAnywhere vulnerability to breach over a hundred organizations. The Cl0p gang was first observed in 2019; however, it appeared to run into trouble in 2021 after Ukrainian police identified several affiliated hackers and searched numerous premises suspected of being used for illicit purposes.


The syndicate rebounded last April, coming back to haunt organizations all over the world. The Cl0p ransomware group is considered a ‘big game hunter’ attacker due to its size. The group and its affiliates are credited with having carried out attacks against oil giant Shell, US bank Flagstar, Samsung, Nvidia, and others.