Sangoma Ransomware
-
@Obsolesce said in Sangoma Ransomware:
I doubt they have AD, which makes a compromised AD joined device your golden ticket into the entire domain as domain admin. And it is also likely this was solely a ransomware attack.
Oh I bet that they are. Just the nature of being a hardware design and manufacturing firm.
-
@JaredBusch said in Sangoma Ransomware:
The concern is not the open source. The concern is closed source.
Very true. Definitely any closed source from them is very suspect now as there's two risks...
- Attacks now know of security holes that weren't public simply by getting "read access" to the code.
- Compromised are injected because there's no community or repo protection against changes.
-
@scottalanmiller said in Sangoma Ransomware:
- FreePBX code impacted. <- No cause for concern but this is the key "panic" that people are promoting to try to make this into a big deal. I don't know anyone that is a Sangoma customer or why much of anyone would be, the kind of stuff that they make isn't stuff for modern businesses. What they make of importance and value is FreePBX, but we have no cause for concern there given what we know.
Question - do you think that if Sangoma only made revenue off support contracts and the add-on modules they would exist as a company? i.e. if they dropped PBXact, etc - could they likely stay afloat?
-
@Dashrender said in Sangoma Ransomware:
@scottalanmiller said in Sangoma Ransomware:
- FreePBX code impacted. <- No cause for concern but this is the key "panic" that people are promoting to try to make this into a big deal. I don't know anyone that is a Sangoma customer or why much of anyone would be, the kind of stuff that they make isn't stuff for modern businesses. What they make of importance and value is FreePBX, but we have no cause for concern there given what we know.
Question - do you think that if Sangoma only made revenue off support contracts and the add-on modules they would exist as a company? i.e. if they dropped PBXact, etc - could they likely stay afloat?
No, because that is why they bought
FreePBXSchmoozecom and Digium.Sangoma has existed for decades as a hardware company, but that hardware revenue went south years ago.
-
@scottalanmiller said in Sangoma Ransomware:
@JaredBusch said in Sangoma Ransomware:
The concern is not the open source. The concern is closed source.
Very true. Definitely any closed source from them is very suspect now as there's two risks...
- Attacks now know of security holes that weren't public simply by getting "read access" to the code.
- Compromised are injected because there's no community or repo protection against changes.
Also the possibility of compromised cryptography keys, such as those used for SSL connections, that people seem to be concerned about.
I don't use them, so not sure about the true nature of that threat though.
-
@Obsolesce said in Sangoma Ransomware:
Also the possibility of compromised cryptography keys, such as those used for SSL connections, that people seem to be concerned about.
Not for SSL. for digitally signing the modules. commercial and non-commercial.
-
@JaredBusch said in Sangoma Ransomware:
@Obsolesce said in Sangoma Ransomware:
Also the possibility of compromised cryptography keys, such as those used for SSL connections, that people seem to be concerned about.
Not for SSL. for digitally signing the modules. commercial and non-commercial.
Ah, okay. That makes more sense.
-
@Obsolesce said in Sangoma Ransomware:
@JaredBusch said in Sangoma Ransomware:
@Obsolesce said in Sangoma Ransomware:
Also the possibility of compromised cryptography keys, such as those used for SSL connections, that people seem to be concerned about.
Not for SSL. for digitally signing the modules. commercial and non-commercial.
Ah, okay. That makes more sense.
Oh also the SSH keys for remoting in to systems. I would say no issue there, but of course stupid people are stupid and I am sure a lot of people have them enabled needlessly.
-
@JaredBusch said in Sangoma Ransomware:
@Obsolesce said in Sangoma Ransomware:
@JaredBusch said in Sangoma Ransomware:
@Obsolesce said in Sangoma Ransomware:
Also the possibility of compromised cryptography keys, such as those used for SSL connections, that people seem to be concerned about.
Not for SSL. for digitally signing the modules. commercial and non-commercial.
Ah, okay. That makes more sense.
Oh also the SSH keys for remoting in to systems. I would say no issue there, but of course stupid people are stupid and I am sure a lot of people have them enabled needlessly.
Okay yeah, I seen SSL mentioned in the one first post, and SSH further down. But not being familiar with the products I didn't know anything beyond that. Perhaps the SSL one was a typo.
-
@Dashrender said in Sangoma Ransomware:
@scottalanmiller said in Sangoma Ransomware:
- FreePBX code impacted. <- No cause for concern but this is the key "panic" that people are promoting to try to make this into a big deal. I don't know anyone that is a Sangoma customer or why much of anyone would be, the kind of stuff that they make isn't stuff for modern businesses. What they make of importance and value is FreePBX, but we have no cause for concern there given what we know.
Question - do you think that if Sangoma only made revenue off support contracts and the add-on modules they would exist as a company? i.e. if they dropped PBXact, etc - could they likely stay afloat?
They made profit before that stuff existed. So I think absolutely. That stuff is all just extra.
-
@scottalanmiller said in Sangoma Ransomware:
@Dashrender said in Sangoma Ransomware:
@scottalanmiller said in Sangoma Ransomware:
- FreePBX code impacted. <- No cause for concern but this is the key "panic" that people are promoting to try to make this into a big deal. I don't know anyone that is a Sangoma customer or why much of anyone would be, the kind of stuff that they make isn't stuff for modern businesses. What they make of importance and value is FreePBX, but we have no cause for concern there given what we know.
Question - do you think that if Sangoma only made revenue off support contracts and the add-on modules they would exist as a company? i.e. if they dropped PBXact, etc - could they likely stay afloat?
They made profit before that stuff existed. So I think absolutely. That stuff is all just extra.
No, they have said the new software sales far eclipsed their recent hardware sales
-
@JaredBusch said in Sangoma Ransomware:
@scottalanmiller said in Sangoma Ransomware:
@Dashrender said in Sangoma Ransomware:
@scottalanmiller said in Sangoma Ransomware:
- FreePBX code impacted. <- No cause for concern but this is the key "panic" that people are promoting to try to make this into a big deal. I don't know anyone that is a Sangoma customer or why much of anyone would be, the kind of stuff that they make isn't stuff for modern businesses. What they make of importance and value is FreePBX, but we have no cause for concern there given what we know.
Question - do you think that if Sangoma only made revenue off support contracts and the add-on modules they would exist as a company? i.e. if they dropped PBXact, etc - could they likely stay afloat?
They made profit before that stuff existed. So I think absolutely. That stuff is all just extra.
No, they have said the new software sales far eclipsed their recent hardware sales
Eclipsed, but I assume that they original business is still functional. If FreePBX is all they have, that's rough.
-
-
-
Updated official statement.
https://www.sangoma.com/press-releases/sangoma-technologies-provides-update-regarding-data-breach/ -
@Crosstalk-Solutions said in Sangoma Ransomware:
In video:
I want to get ahead of speculation....
Because you want your speculation to be the one everyone believes..
This video is a load of crap.
-
@JaredBusch said in Sangoma Ransomware:
@Crosstalk-Solutions said in Sangoma Ransomware:
In video:
I want to get ahead of speculation....
Because you want your speculation to be the one everyone believes..
This video is a load of crap.
-
@Obsolesce said in Sangoma Ransomware:
@JaredBusch said in Sangoma Ransomware:
@Crosstalk-Solutions said in Sangoma Ransomware:
In video:
I want to get ahead of speculation....
Because you want your speculation to be the one everyone believes..
This video is a load of crap.
No, facts, not speculation.
Did shit happen? Of course. No one is denying it.
Does a ransomware of an exec/upper management mean an entire ecosystem is suddenly invalid? No. That is not how anything works.
It does mean that things need to be considered, risks weighed, and actual intelligent thought made.
-
Chris had only one actual goal by making that video when he did and as he did.
Revenue.
-
Just received this.
Dear Sangoma customer,
As you may be aware, Sangoma was the target of a ransomware attack that resulted in some of our confidential company data being posted online. I am writing to provide you with an update regarding our investigation into this cyber attack. As outlined in our Dec. 29 news release (which you can read by clicking here), the data stolen from Sangoma did, regrettably, include certain customer information.
Our investigation to date has found that the compromised data may include your ordering history with Sangoma and your company’s contact information (such as your company’s name, address, phone number, contact person at your company, email address, website, etc.). I’d like to reassure you that while our investigation is still ongoing, there is currently no evidence that the compromised customer information includes bank account or payment card data, since Sangoma does not generally store that information locally.
As our investigation progresses, we will be proactively and directly contacting any specific customers whose data has been compromised, in order to provide further information and appropriate support. Please note that you will only be contacted by Sangoma directly if your data has been compromised by this attack. If you do not hear from us directly, you can assume that we have found no evidence to indicate that your data has been compromised.
I also want to reassure you that you can continue to put your trust and confidence in Sangoma, and in our products and services. Normal business operations continue at Sangoma, so you can still use all of the usual methods to interact with us. Nothing has changed in how you order our products, contact us for support, make payments, or in our ability to ship you product or turn-up customers on our cloud services.
There is currently no evidence to suggest our products and services have been impacted by this cyber attack. We believe strongly that you can continue your use of our products without issue or interruption and that use of our products would not pose any security risk to your business. Even so, out of an abundance of caution, we continue to recommend that you practice good ‘security hygiene’. This includes regularly resetting your passwords (for administrator use of our products and for portal access), limiting remote access to only that which is necessary, keeping your Sangoma software up-to-date on the most recent versions, and monitoring for unauthorized access attempts.
On behalf of everyone at Sangoma, I want to apologize to you for the stress and inconvenience caused by this cyber attack. We are working around the clock, and have been throughout the entire holiday period, to mitigate and manage the impact of this incident. We have retained a leading team of third-party cybersecurity experts to help us with this effort, we have filed a report with law enforcement officials, and have also deployed additional security measures to assist in detecting and preventing any future attempts or incidents of unauthorized access to or malicious activity on our corporate network.
At Sangoma, we pride ourselves on our quality, professionalism, and customer focus. While this cyber-attack has been a difficult and, frankly, embarrassing challenge, it has done nothing to change our commitment to open and transparent communication with our customers – you are the lifeblood of our company and we value you immensely. You have my word that we will keep you updated with accurate and factual information, as it becomes available and appropriate to share, throughout our ongoing investigation. In the meantime, if you have any questions at all, please don’t hesitate to contact us using any of the methods you always have or at [email protected].
Thank you for your continued trust, support and patience.
Sincerely,
Bill Wignall
President & CEO
Sangoma Technologies