Dive Brief:
- Toymaker Mattel disclosed a ransomware attack from July 28 in a 10-Q SEC filing Tuesday.
- The attack resulted in a "number of systems" being encrypted. While the company was able to contain the attack, some operations were impacted and then restored. The forensic investigation found no evidence that business or retail customer, supplier, consumer or employee data was exfiltrated.
- The company reported "no material impact" on operations or its financial condition. However, "while Mattel carries cyber and business continuity insurance commensurate with its size and the nature of its operations, there can be no guarantee that costs incurred as a result of cyber events will be covered completely," according to the filing.
Dive Insight:
Mattel disclosed limited details in the SEC filing, though sources told Bleeping Computer the ransomware attack traced back to Trickbot.
Microsoft began pursuing Trickbot's operations in October, aiming to eliminate its critical operational infrastructure. By mid-October, the company reported disrupting 94% of Trickbot's command-and-control servers and other infrastructure functions. However, Microsoft conceded "there is not always a straight line to success."
Trickbot is often the prelude to a Ryuk ransomware attack. The main threat group perpetrating Ryuk, UNC1878, used Trickbot or Emotet for initial access, though it has since graduated to using BazarLoader or BazarBackdoor.
Ryuk's activity dropped off the radar from the onset of the pandemic in the U.S. until September. Potential activity in July would be an outlier. However, because Ryuk is commodity malware, UNC1878 may not have been behind this attack.
Though Mattel said the attack didn't compromise any data, the company noted the "significant uncertainty" around privacy and data protection laws and how they are interpreted, potentially creating "inconsistent or conflicting requirements," according to the filing. Compliance with regulations, including GDPR and the CCPA, imposes "significant costs and challenges that are likely to increase over time."
The California-based company faces additional privacy regulation as California residents voted Tuesday on Proposition 24, or the California Privacy Rights Act (CPRA). If passed, the "CCPA 2.0" would prevent companies from collecting any consumer data necessary to provide their services. At the time of publication, The Associated Press tabulated 72% of California's vote, with 56% of constituents voting "yes" for the CPRA.
Mattel noted that any delay or disruption to its systems, including cyberattacks, "could lead to violations of privacy laws, loss of customers, or loss, misappropriation or corruption of confidential information, trade secrets, or data," which could unravel into greater financial ramifications. Ransomware attacks resulting in breached data tend to have lingering and less predictable financial losses.