On August 19th, the Medusa ransomware group published the name of another victim in the technology sector on its blog: Percento Technologies International, headquartered in Houston.
The company operates across several areas of IT, including:
- Managed IT services
- Enterprise software
- Cloud servers
- Cybersecurity
- Website design
- IT consulting
- …
Besides its Houston headquarters, Percento Technologies International has two additional operational locations in Houston and eight more offices in seven other Texas cities. According to its website, the company also serves clients in other parts of the world, including Australia, Brazil, China, Singapore, England, Scotland, and Norway. Its Texas locations are:
- Austin – Downtown
- Austin – North
- Dallas
- Houston – Chasewood
- Houston – Downtown
- Houston – One Chase Center
- Katy
- League City
- Sugar Land
- The Woodlands
- San Antonio
Percento Technologies International manages the data of dozens of clients across a wide range of sectors, including:
- Accounting
- Aviation
- Banking
- Electric Utilities
- Healthcare
- Hospitality
- Legal
- Medical Equipment
- Municipalities
- Pipeline
- Transportation
- Veterinary Medicine
- …
For this reason, the Medusa ransomware attack poses a significant security threat not only to the Texas-based company but also to its clients.
The deadline set by the ransomware group for payment of the $100,000 ransom in Bitcoin is August 28th. After that date, the group says, the 30 GB of data exfiltrated and encrypted by Medusa’s affiliate will be published on its Telegram channel.
Among the exfiltrated data, we can confirm the presence of several Word and Excel files, as well as email messages containing unprotected, plaintext credentials for logging into various services purchased by Percento Technologies International’s clients. Below is an example.
One client is a petrochemical company headquartered in Houston with nine other locations: Cedar Park (TX), Beaumont (TX), Corpus Christi (TX), Arlington (TX), Chesterfield (MO), Baton Rouge (LA), Chicago (IL), Detroit (MI), and Fort Wayne (IN). For this client we reviewed a single file containing, in plaintext, all the credentials for logging into services such as:
- Office 365 Management Accounts
- Password and Network Info List – SonicWall (operational locations: Houston Corporate, Austin, Odessa, Dallas, Baton Rouge, Midwest, St. Louis, Cedar Park) with IP data – Subnet – Default Gateway
- Verizon Account Information
- SQL Admin Login
- Internet Providers/Phones and Support by Location
- …
This is undoubtedly a significant security issue, especially if the clients who have trusted and relied on Percento Technologies International have not been alerted to the data breach. The hundreds of credentials present in the files exfiltrated by the Medusa group affiliate could also pose a serious risk if they have not been changed by the Texas company or its clients.
The homepage of Percento Technologies International states:
[…] With Percento, you’ll benefit from proactive threat detection, vulnerability assessments, and incident response planning, ensuring your IT infrastructure is both reliable and secure. […]
and then, ironically, there is the page at https://percento.us/expert-services/cyber-security/ where the company explains the dangers a business faces when its data is poorly protected. A very useful page to read, reread and memorize…