Qualys Falls Victim to Ransomware Attack, Leads to Data Leak

Information security company Qualys was the subject of a data leak involving ransomware gang Clop, reported CPO Magazine. The sensitive data of its clients were published on a Tor page owned by the group.

The leaked information includes purchase orders, invoices, quotations, tax documents, and scanned reports.

When news of the cybersecurity incident first came out, a Qualys representative declined to give more details because the attack was still being investigated. During this time, the company denied that the incident was caused by ransomware.

However, the company did send notices to its customers informing them of the unauthorized access to their data. According to the firm, “We immediately notified the limited number of customers impacted by this unauthorized access.”

Qualys failed to reveal the extent of the incident, particularly the actual number of customers involved in the leak. It was not clear if such detail was available.

Nevertheless, the company hired FireEye Mandiant to respond to the incident, reported SDX Central.

Qualys CISO Ben Carr also said in a blog post that “all Qualys platforms continue to be fully functional and at no time was there any operational impact.”

The Accellion Connection

This incident is associated with the Accellion File Transfer Appliance (FTA) zero-day vulnerability. The company verified that the root of the issue was the Accellion FTA, which the firm used to provide customer service.

Qualys said, “New information has come out today related to a previously identified zero-day exploit in a third-party solution, Accellion FTA, that Qualys deployed to transform the information as part of our customer support system.”

The cybersecurity and compliance firm also noted that the Accellion FTA server it used was deployed “in a segregated DMZ environment, completely separate from systems that host and support Qualys products to transfer information.”

Qualys said that the incident was not caused by a ransomware attack. In a statement, the company said that it found “no impact on the Qualys production environments, codebase or customer data hosted on the Qualys Cloud Platform.”

The CPO Magazine report indicated that no clarification was made as to whether the firm received a ransom note similar to other companies affected by the Accellion data breach.

Meanwhile, Accellion was able to patch four zero-day vulnerabilities that were identified at the start of the year.