Siemens became aware of a ransomware virus attack on the syngo.Plaza server.The name of the virus is unknown; however, it comes from the family of ransomware viruses.The syngo.Plaza server was not infected, only the files accessible through samba (smb) shares were encrypted as a result of the attack.The virus attacked the syngo.Plaza through the clients or other computers in the network.At the time of the attack the antivirus was not installed on the syngo.Plaza server.Access to share was not limited as recommended by the syngo.Plaza product documentation as it was set with permission to "everyone" with "read, write, execute".The attack resulted in 310,075 sops (service object pairs) in the sts (short term storage) to be encrypted.These sops belong to 50,504 series (fully or partially affected) out of 665,628 stored series in the sts.Multiple separate lts (long term storage) systems were affected by this attack as well.This incident occurred in (b)(6).
|