back to article Pharma-testing biz Eurofins Scientific says it fell victim to 'new version' of malware

Bio-analytical testing biz Eurofins Scientific today admitted it was the subject of a ransomware attack at the weekend. The Paris Stock Exchange-listed group operates in food, environmental, pharmaceutical and cosmetics product testing. It has 800 labs spread across 47 countries. The company said in a statement that its tech …

  1. W60

    information sharing

    Would be really more helpful if people actually shared details of the malware ....new version of what family?...what's new? I know they dont want to admit either employee X click on a link in the email or opened an attachment, or we left RDP, SSH or some other unsecured service open to the internet but a little detail to help the community (I know I'm a dreamer)

    1. Anonymous Coward
      Anonymous Coward

      Re: information sharing

      It's a, supposedly, new version of Ransomware. The IT guys are still having 'issues', they are very unlikely to know at this stage how it got in or via what route or what 'family' it is, being as (if it is new) it will be unclassified.

      Wait for the analysis and then they might share, or might not.

    2. Anonymous Coward
      Anonymous Coward

      Re: information sharing

      There is some additional info available now but nothing concrete: supposedly it propagated via SMB, CIFS, or RDP. Also they were using McAfee which apparently failed to stop the ransomware at first, but was successfully quarantining it later that same day.

  2. Doctor Syntax Silver badge

    "put through to a flustered rep in the IT department."

    Exactly how not to do it. I wonder if the PHBs are calling in every few minutes or standing over them as well.

  3. Anonymous Coward
    Anonymous Coward

    Over the last weekend...

    ... I received two emails "from <your domain>" "your <email> is holding (12) messages" and "clutter behind the scenes (12)"

    pretending to be some kind of mail-filtering service affiliated with my mail service - but with the retrieve/release links going to some dodgy-looking domain-names - so actually some kind of phishing/malware.

    It's a new ruse, but likely quite effective.

    1. Anonymous South African Coward Silver badge

      Re: Over the last weekend...

      ... I received two emails "from <your domain>" "your <email> is holding (12) messages" and "clutter behind the scenes (12)"

      pretending to be some kind of mail-filtering service affiliated with my mail service - but with the retrieve/release links going to some dodgy-looking domain-names - so actually some kind of phishing/malware.

      It's a new ruse, but likely quite effective.

      We also got those kind of emails. Luckily the persons who got it asked IT first.

    2. Mark 85 Silver badge

      Re: Over the last weekend...

      Not new from what I've seen over the years. Just another variation of spoofed emails, nasty links and hoping the receiver is an idiot and will open them.

  4. Anonymous South African Coward Silver badge

    One way to piss off an already overstressed sysadmin is demanding information and the such in the middle of a crisis.

    Leave the IT team be, they're doing what they can, and moreso with an unknown equation.

  5. sitta_europea Silver badge

    The last few days it's been oddles of messages allegedly from YourLifeNN@NNNN.com from compromised Windows boxes.

    I'm guessing BlueKeep.

  6. This post has been deleted by its author

  7. Simon Reed
    FAIL

    Basic security

    Why do these tossers never have backups and a disaster recovery strategy?

    This outfit is a major part of providing forensic evidence for the courts. Do government procurement wonks not check out the competence of their suppliers?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022