RansomHouse hackers claim major ransomware attack breaching US payment giant AvidXchange

The attack compromised the company’s systems and client data, marking the second incident for AvidXchange in 2023.


The RansomHouse ransomware group has reportedly taken responsibility for the cyberattack and has included the company’s name on its data leak site. The group issued a warning message on the site, advising AvidXchange to contact them to prevent any possible leakage of sensitive data and documents.

According to TechCrunch, a sample of the stolen data includes a range of sensitive information such as non-disclosure agreements, employee payroll details, and corporate bank account numbers. Additionally, the data leak includes login credentials like usernames, passwords, and answers to security questions for various systems used by the company, such as cloud accounts, security software, and even smart door locks and surveillance cameras. The leaked login details suggest that AvidXchange may have used easily guessable passwords, including derivations of the company’s name and the word ‘password,’ which could pose a significant security risk.

On Thursday, AvidXchange posted a brief notice on its website disclosing a breach. According to the statement, the company discovered unusual activity during routine security protocols in April. The company stated: ‘We are aware that a threat actor has published files they claim to have taken from our systems. We are reviewing these files to validate and understand the nature of this data.’ The company reportedly launched an internal investigation immediately and notified the authorities. The investigation revealed the incident had indeed impacted the company’s systems and data, leading to temporary disruptions in its services.

The recent cyberattack on AvidXchange marks the second ransomware attack the company experienced in 2023. Just a month prior, AvidXchange confirmed that it was one of the 130 organisations impacted by the exploitation of a zero-day vulnerability in Fortra’s GoAnywhere MFT file transfer application.

AvidXchange is a leading payment software provider in the US that offers accounts payable automation and payment solutions to middle-market businesses and their suppliers.