Snatch ransom gang claims Ingenico scalp, says analyst

A Russian-linked ransomware gang claims it has stolen privileged data from Ingenico, a major payment processing company whose services are widely used in Germany and France.

Threat-intelligence analyst and malware-spotter Gi7w0rm disclosed the alleged breach of Ingenico by the Snatch ransom group on Twitter, declaring that things were “looking bad” for the targeted company.

“Snatch Team has just announced that they stole data from Ingenico, a merchant services technology company based in France that is a producer of PoS systems and SaaS solutions. In Germany, you can find their systems in nearly every shop!”

Gi7w0rm added that the “current released evidence” included redacted details of computer network admin credentials used to gain privileged access to Ingenico’s computer systems, as well as network setup and VPN plans.

Punished for lax security?

If true, Gi7w0rm is likely right that this puts Ingenico – used by more than 2,500 apps in 37 countries – in a dire situation. Worse yet, the malware-hunter also claims to have “insider information” confirming that this would not be the first such breach the payment firm has suffered.

“I received insider info confirming that Ingenico also had two major ransomware security incidents in the past year, which they chose to handle behind closed doors,” said Gi7w0rm.

“Their overall security posture has been bad for years, but they've ignored reasonable suggestions from SSPs [security service providers].”

Ingenico boasts a considerable roster of clients and employees – who may now end up being victims – claiming 40 million terminals that use its services worldwide and employing 4,000 workers across eighty offices.