A 140GB archive that purportedly belongs to Door Controls USA, a US-based door parts shop, has been leaked on a popular dark web hacker forum.
According to the forum post, the archive includes confidential company data and sensitive documents related to Door Controls USA, including manufacturing blueprints, machine-readable manufacturing code, financial and accounting data, as well as various legal documents.
The archive was leaked on November 27-28. It appears to have been posted on the hacker forum after Door Controls USA seemingly refused to pay ransom to cybercriminals who breached the company’s network.
“The data is preloaded and will be automatically published if you do not pay. After publication, your data will be available for at least 6 months on our CDN servers.”
Ransomware message left on the forum post
We asked Door Controls USA if they could confirm that the leak was genuine. However, we received no response from the company.
What data has been leaked?
The leaked data appears to come from Door Controls USA, a commercial automatic and manual door part seller and manufacturer based in Ben Wheeler, Texas. Established in 1995, the company claims to offer “the widest range of products in the automatic door industry,” including door locks, bolts, checks, and more.
Based on the samples we saw from the leak, the archive appears to contain more than 140GB worth of confidential company data, split across two folders. One folder seems to hold company financials and accounting information, while the other is dedicated to sensitive research and development data, including:
- Confidential product plans, models, and blueprints
- Machine-readable G-code instructions for manufacturing a variety of proprietary door control mechanisms
- Company campus layouts and their evacuation plans
- Contracts
- Financial and audit data
- Credit card statements
Example of leaked manufacturing code:
Who had access to the data?
Because the archive was made freely available in the final week of November, we assume that a significant part of the hacker community was able to download and access the data since.
With that said, it’s uncertain how many forum users actually downloaded the entire 140GB archive, and of that, how many are capable or inclined to use the confidential data for malicious purposes.
What’s the impact of the leak?
Most of the data in the archive appears to be corporate rather than personal in nature, which means that it is the company and its employees who are the most likely to bear the brunt of the damage. Malicious actors could make a lot of money by selling confidential company data to competitors for corporate espionage and business intelligence purposes.
For example, selling manufacturing blueprints, machine-readable G-code instructions, or other intellectual property to Door Controls USA’s competitors could harm the company by taking away its competitive edge.
On the other hand, accessing the company’s financial and accounting data, including credit card reports, would allow criminals to commit fraud in Door Controls USA’s name, such as applying for coronavirus relief loans during the pandemic.
Next steps
For organizations that wish to avoid ransomware attacks, here are a few basic precautions that your company should have in mind:
- Implement an intelligent threat detection system or a security incident event management system that will inform your system administrators about the breach and help them prevent data exfiltration from company servers in time.
- Encrypt your confidential data with a salted secure encryption algorithm. In the event of a data breach, encrypted data would be all but useless to any potential attackers because it would be inaccessible without an encryption key.
