Ransomware targets Ness Digital Engineering, sparking concern in Israel

Ness Digital Engineering and the Israeli company Ness Technologies are not connected, and there is no cyberattack on Ness Technologies.

[Illustrative] A man holds a laptop computer as cyber code is projected on him. (photo credit: KACPER PEMPEL/REUTERS)
A ransomware cyberattack has targeted the Ness Digital Engineering company that operates in Israel, the US and India, according to cybersecurity consultant Einat Meyron.
The details of the cyberattack remain unclear, but initial reports indicate that the attack may have begun in Israel and then spread to other Ness branches around the world.
Ness has worked for more than two decades to develop and integrate software products and digital platforms for companies and government agencies.
“This is a significant, rolling event, which started at high intensities last night. There is currently chaos and we are trying to keep it low profile, with the company’s internal intervention teams. At the moment we do not see it spreading to customers,” a source involved in handling the attack told Ynet.
Shachar Efal, CEO of Ness Technologies, told Ynet that all their systems had been tested and that there was no intrusion into the company or its customers, of which there are hundreds in Israel.
The company that Ness Digital Engineering operates in Israel is called SwiftNess.
Ness Technologies, which operates in Israel, stressed that it was not affected by the cyberattack and that, while it was connected to the Ness companies in India and the US in the past, it has not been connected to them for the past seven years.
The company has worked in the past with the IDF, Israel Aerospace Industries, Israel Post, the Israel Airport Authority and the Hebrew University, among other companies and government bodies.
According to the National Cyber Directorate, the incident is not connected to Israel.
Ness Digital Engineering told The Jerusalem Post that only a minority of the fewer than 300 servers the company owns were impacted by the attack.
The managers of the company’s India branch have reportedly begun managing the incident and have brought their insurer, AIG, into the picture.
A screenshot of the message displayed as part of the attack reads “Hello ness-digital-engineering! If you (sic) reading this message, it means your network was PENETRATED and all of your files and data has (sic) been ENCRYPTED by RAGNAR LOCKER!” The message instructs the company to contact a live chat provided in the message to resolve the case and “make a deal.”
In November, the FBI warned that Ragnar Locker ransomware has been used against an increasing list of victims since it was first observed by the FBI in April 2020. The ransomware actors first obtain access to a victim’s network and perform reconnaissance to locate network resources, backups and other sensitive files, then manually deploy the ransomware and encrypt the victim’s data, according to the FBI report.
The ransomware does not encrypt data if the victim’s locale is found to be Azerbaijani, Armenian, Belorussian, Kazakh, Kyrgyz, Moldavian, Tajik, Russian, Turkmen, Uzbek, Ukrainian or Georgian, according to the FBI report.
Companies targeted by the ransomware include the Capcom gaming company and the Italian beverage company Campari Group. The hacking group behind Ragnar Locker has even taken out Facebook ads through hacked accounts in order to publicize their ransom attacks.
The FBI advised companies to back up critical data offline and securely, install and regularly update anti-virus or anti-malware software, use multi-factor authentication and keep devices patched and up to date, among other measures.
Meyron stressed that cyber insurance is “a necessary tool in any assessment plan, but only after real assessments have been made and the organization understands and knows what it will need to do, depending on which triggers and schedules, to activate the playbook and respond correctly and effectively to the attack.”
The cybersecurity consultant explained that insurance policies are rarely precisely tailored to the needs of the company and added that in the attack on Ness, the incident managers in India were reporting a delayed response from AIG due to the different time zones involved in the incident.
“The event that is currently underway illustrates the real challenge of managing a cyber event,” Meyron said. “The rate of spread is so fast. We know today that ransomware attacks can encrypt thousands of workstations in just a few hours and that does not even include the threat of disseminating the information itself, other misuse and other business, financial and legal damages yet to come.”
The attack comes after a series of cyberattacks on Israeli businesses and institutions, including Israel Aerospace Industries, the Shirbit insurance company, Ben-Gurion University and the Amital software company.