Manheim Hit by Ransomware

Manheim auctions have been down for about 3 days now, looks like ransomware.

Reminds me of this node https://www.ozbargain.com.au/node/511317

Important announcement
This is an update in relation to the incident impacting Manheim. Overnight we made positive progress with our IT systems restoration. While making substantial headway, we are still working towards being able to bring our core operating systems back online.

On this basis, we will not be proceeding with any auctions or sales events which were planned to occur, open or close on Thursday February 20. Our objective is to open online sales on Friday (February 21) and hold scheduled auctions in Brisbane, Melbourne and Sydney on Saturday (February 22); however we will confirm this in due course.

The incident we have experienced is due to malware (malicious software) which was designed to restrict access to our IT systems and interrupt our normal business operations. We currently have no evidence that any of our data has been compromised. We continue to work closely with external professional IT security advisors who are helping us facilitate a restoration of services as soon as possible.

We regret this incident has happened and would like to apologise for any inconvenience caused. Minimising any ongoing disruption to you as a result of this incident remains our primary concern. We can assure you that we are working hard to resolve this incident as quickly as we can.

Again, please direct any questions you may have to your Account Manager or local site contact. If you are unable to speak to them or for any other questions, our Customer Service team can also assist. They can be reached on 1800 001 278.

On behalf of the Manheim business, thank you for your support as we respond to this critical issue. We will provide a further update as soon as there is more information available.

Kind regards,

Charles Cumming

CEO – Inventory Solutions


Comments

  • -1

    Pretty good trick to cripple systems for multiple days without accessing data. I doubt that's true.

    • +7

      Ransomware scammers don't want your data. They want your money. They want you to want your data badly enough to give them that money. Encrypting somebody's drives with ransomware doesn't require the scammers seeing anything on those drives.

      • -2

        Lol, I think encrypting your data constitutes being compromised. :p Are you suggesting they never onsell email and password lists?

        • +1

          You don't seem to understand how this ransomware works.

          It's like someone walking up to a business and putting their own security door over the business's regular door. They haven't gained access to the premises, they've just prevented the business owners' access to their own building. Then they offer a key to their security door once the business owner pays them a fee.

          • -4

            @Broke-Ken: You are the one thinking they encrypt data without accessing it. You don't seem to understand that it doesn't take many days to reinstall an OS if the data hasn't been compromised. Do you guys really think scammers don't read anything? There is a current scam where they send new bank details to the client list that is personalised and not automated. Pretty naive for you to just discount that as impossible.

            What is your source that it is definitely and exclusively ransomware?

            • @[Deactivated]: Nobody is saying that it was definitely and exclusively ransomware.

              You claimed it's a 'good trick' to 'cripple systems' without 'accessing data', and that this was 'unlikely'. None of that is remotely true. Once ransomware has been deployed, it's trivial to cripple a system without the scammers accessing the data. Data is encrypted. System is stuffed. That's it. Nobody had to read anything.

              And for ransomware scammers, there's no point in accessing your data. The game is to distribute your payload as far as possible, as quickly as possible, to get as many payouts as possible. It's not to sit there monitoring a server that's sucking up terabytes of seriously boring information then trawling through all of that looking for stuff that might or might not be useful later, and leaving a big fat trail that leads back to you in the meantime.

              You don't seem to understand that it doesn't take many days to reinstall an OS if the data hasn't been compromise

              You don't seem to understand that reinstalling the OS isn't the issue. Getting your data is the issue. You could reinstall your OS in half a second. Where's your data? Still encrypted.

              • @GrueHunter: Name the most prominent case and duration of your scenario. You seem to only know petty and small cases. Just look at the Travelex case to see how wrong you are.

      • +1

        Wouldn't they use the data as leverage though?

  • TOLL was hit too, few weeks ago

    • A lot of their systems are still down.

      • Our 'Priority' overnight parcels were still sitting around a week after pickup was booked. Had to resend another way

  • +1

    Excuse me, Charles what?

    • +3

      That was his old name. He's Charles Sleeping now.

  • That explains it, was looking for a new rust bucket $#!tbox project

    Must be a new type of crypto locker for 2020

  • Will be interesting to see whether this will affect the hail damage auctions this weekend

  • Been affected by both Manheim's and Toll's outages. As an IT person, I feel sorry for the support staff at Manheim and Toll having to restore their systems and deal with frustrated internal staff.

    Clearly, their DR and backup solutions have failed miserably. How in today's day and age you don't have a working/tested DR strategy in a large business like Toll and Manheim is hard to fathom.

    For those reading this comment who work in IT, or work in a small company with a limited budget/possibly no dedicated IT support staff may I suggest looking/discussing disaster recovery solutions such as AWS CloudEndure / BackBlaze / Veeam / Google backup and Sync, and good old Robocopy with your support company (or ask here - happy to answer any questions).

    If management pushes back because of the cost, disconnect a server from the network and watch how many nanoseconds pass before management start panicking. Okay in all seriousness, one hour of outage is disruptive, now imagine a day, two days or a week of no computer systems and calculate the damage to the reputation and revenues to the business.

    You wouldn't drive a car without insurance (and then complain on ozbargain), so think of a backup as being insurance for your data :)

    • I have a webapp, I run a cronjob to back up the database to an S3 bucket, rolling 30 days.

      The app is on git so I can just pull a fresh copy on a fresh server then bring in the latest unaffected db backup.

      Is my recovery strategy immune to ransomware?

      With that other node, https://www.ozbargain.com.au/node/511317 his backups were encrypted also.
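
Added example, not part of the thread or of any commenter's setup: a Python sketch that checks whether the credentials used by a cron backup job like the one described above could overwrite or delete the existing S3 backups, which is how backups end up encrypted along with the server. The bucket name, object key and both policies are constructed; `object_lock=True` assumes compliance-mode retention covering the 30-day window, and IAM `Condition`, `NotAction` and `NotResource` are not evaluated.

```python
import fnmatch

# Constructed samples: IAM policies attached to the credentials the cron job uses.
BUCKET = "example-db-backups"  # hypothetical bucket name
POLICY_BROAD = {"Statement": [{"Effect": "Allow", "Action": "s3:*",
    "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]}]}
POLICY_WRITE_ONLY = {"Statement": [{"Effect": "Allow", "Action": ["s3:PutObject"],
    "Resource": f"arn:aws:s3:::{BUCKET}/*"}]}

# Destructive S3 actions and the resource type each one is evaluated against.
RISKY = {"s3:PutObject": "object", "s3:DeleteObject": "object",
         "s3:DeleteObjectVersion": "object", "s3:PutBucketVersioning": "bucket",
         "s3:PutLifecycleConfiguration": "bucket"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _covers(stmt, action, arn):
    """True if the statement's Action and Resource patterns both match."""
    acts = [a.lower() for a in _as_list(stmt.get("Action", []))]
    return (any(fnmatch.fnmatchcase(action.lower(), a) for a in acts) and
            any(fnmatch.fnmatchcase(arn, r) for r in _as_list(stmt.get("Resource", []))))

def allowed_risky(policy, bucket):
    """Risky actions the policy grants on the bucket; explicit Deny beats Allow.
    Simplification: Condition, NotAction and NotResource are not evaluated."""
    arn = {"bucket": f"arn:aws:s3:::{bucket}",
           "object": f"arn:aws:s3:::{bucket}/db/backup.sql.gz"}  # constructed key
    stmts = _as_list(policy["Statement"])
    granted = set()
    for action, kind in RISKY.items():
        hit = lambda eff: any(s["Effect"] == eff and _covers(s, action, arn[kind])
                              for s in stmts)
        if hit("Allow") and not hit("Deny"):
            granted.add(action)
    return granted

def audit(policy, bucket, versioning, object_lock):
    """List the ways stolen backup-job credentials could ruin existing backups."""
    ok = allowed_risky(policy, bucket)
    versioning = versioning or object_lock  # Object Lock requires versioning
    checks = [("overwrite", "s3:PutObject", versioning),
              ("delete", "s3:DeleteObject", versioning),
              ("purge-versions", "s3:DeleteObjectVersion", object_lock),
              ("suspend-versioning", "s3:PutBucketVersioning", object_lock),
              ("shorten-retention", "s3:PutLifecycleConfiguration", object_lock)]
    return [name for name, action, mitigated in checks
            if action in ok and not mitigated]
```

An empty list from `audit` means the backup job's own credentials cannot destroy earlier backups under the stated assumptions; it says nothing about other credentials stored on the same server.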
