FARO Technologies

FARO Technologies, headquartered in the United States of America, experienced a significant cybersecurity incident in May 2020. On May 18th of that year, the company fell victim to a ransomware attack orchestrated by the Revil/Sodinokibi group. This attack resulted in the successful exfiltration of several terabytes of sensitive data from FARO Technologies' systems. The compromised information included proprietary schematics, internal source code, and confidential client details, representing a substantial breach of corporate assets and customer privacy.

The attackers initially threatened to publicly release 1.5 terabytes of the stolen data unless their ransom demands were met. Following FARO Technologies' apparent failure to comply with these demands, the Revil/Sodinokibi group followed through on their threat and leaked the stolen information. Subsequently, the attackers made a further claim, asserting that FARO Technologies had managed to secure a buyer for the compromised data despite not paying the ransom. Throughout this incident, FARO Technologies did not publicly acknowledge the breach or its consequences to media outlets, investors, or relevant regulatory bodies, maintaining silence on the matter.

Investigations into the breach explored potential entry points used by the attackers. Among the vulnerabilities identified within FARO Technologies' infrastructure at the time were an internet-exposed Remote Desktop Protocol service and a Citrix Netscaler system susceptible to the known vulnerability CVE-2019-19781. While these weaknesses represented plausible attack vectors that could have facilitated unauthorized access, investigators were unable to definitively establish a conclusive link between these specific vulnerabilities and the Revil/Sodinokibi group's successful breach of FARO Technologies' network. The incident highlighted the severe impact ransomware attacks can have on organizations possessing valuable intellectual property and customer data.