Cyber Incident Victim: Verint Systems
Date: Apr 2019
Location: Israel
Summary
A cybersecurity firm experienced a ransomware attack impacting its Israel offices, disrupting on-premise email and virtual desktop services. Employees were instructed to power off affected machines immediately and contact IT, which collaborated with external incident responders to contain the incident. The organization stated its defenses identified the breach promptly and initiated necessary measures to mitigate it, though full restoration timelines were unclear. The attack highlighted risks even to specialized security providers.
Description
On April 17, 2019, Verint Systems Inc., a US-based cybersecurity and business intelligence firm operating primarily from Israel, experienced a ransomware attack targeting its Israeli offices. An internal warning message displayed on employee computers confirmed the incident, stating a "critical issue" affected on-premise email services and Green Zone Virtual Desktop Infrastructure (VDI). The notification instructed employees encountering ransomware pop-ups to immediately power down their machines and contact the IT Help Desk, indicating active encryption attempts on endpoints. Verint's IT department initiated containment procedures upon detection, collaborating with external resources to address the breach while promising updates on remediation progress. Multiple sources verified the incident's authenticity and confirmed FireEye's Mandiant incident response team had been deployed on-site to assist recovery operations.

Verint's corporate spokesperson acknowledged the attack to Israeli media outlets TheMarker, Calcalist, and Globes, asserting that the company's defense systems identified the intrusion immediately after it commenced and executed necessary countermeasures to disrupt it. The ransomware disrupted core enterprise services, specifically impairing email communications and virtual desktop access critical to daily operations. Despite confirming the incident's occurrence and initial defensive actions, Verint declined to provide additional details or respond to follow-up inquiries from ZDNet regarding the attack's scope, data impact, or ransom demands. Founded in 1999, Verint specialized in analytics, surveillance, and security solutions at the time of the incident, with its operational headquarters in Israel serving as the primary location affected by this disruption. The engagement of Mandiant, a prominent cybersecurity incident response firm, underscored the severity of the compromise and the requirement for specialized forensic and recovery expertise to restore normal operations.
