Barbie maker Mattel hit by ransomware: TrickBot possibly to blame

The company suffered a ransomware attack and disclosed that business functions were affected, although only temporarily

Mattel, the toy industry giant that makes Barbie, Hot Wheels and other popular toys, disclosed a ransomware attack.[1] An unidentified malware attack reportedly impacted some of the business functions but was terminated.[2] However, the company claims that there were no significant financial losses or data theft. Mattel revealed that it managed to recover from the attack successfully.

The ransomware infiltrated the company's network and encrypted parts of its systems. Mattel managed to take measures to stop the attack and restore some of the systems without paying the ransom or suffering serious damage. Some functions were temporarily impacted. The toymaker also states that the investigation found no evidence of sensitive data loss. The company stores customer, supplier, consumer, and employee information, so such incidents might affect many people.

The filing about the ransomware attack revealed that the toymaker got hit

Mattel is the second-largest toy-making company in the world, with more than $5.7 billion in revenue for 2019. The 10-Q form[3] filed with information about the incident revealed that the ransomware attack took place on the 28th of July:

On July 28, 2020, Mattel discovered that it was the victim of a ransomware attack on its information technology systems that caused data on a number of systems to be encrypted.

According to its official statements, the company believes that data was not stolen or affected apart from the encryption,[4] which was dealt with. A forensic investigation is still needed to determine whether sensitive data was exfiltrated and to identify other possible issues related to the malware attack.

It is known that TrickBot malware[5] attacked the company during the same month, so it is believed that Ryuk ransomware or the Conti cryptovirus may be responsible for the incident. The filing itself does not indicate this, but many reports on this trojan's activity have revealed victims in various fields.

Possibly responsible ransomware strains related to TrickBot malware

TrickBot is well known, especially for network-wide attacks that compromise systems with the later goal of spreading ransomware infections. Such threats encrypt files on devices and systems and cause further damage, or even lead to extortion and the leakage of sensitive data.

Ransomware remains the most dangerous type of cyber infection because it damages a wide range of data. Newer crypto-malware releases have started stealing data before running the encryption procedures. This way, the criminals behind the virus can ask for additional payments or apply more pressure when demanding the ransom for the encrypted files.

Malicious actors who distribute cryptocurrency-extortion threats also rely on data leak sites. Once criminals obtain information from systems, devices, and company networks, it is easy for them to demand payment by threatening to leak the sensitive information online if the money is not transferred on time.

It seems that Mattel managed to take care of the situation, so the company escaped a ransomware attack without serious consequences.

About the author
Julie Splinters - Anti-malware specialist

Julie Splinters is the News Editor of 2-spyware. Her bachelor's degree was in English Philology.
