Porsche South Africa’s headquarters in Johannesburg suffered a disruptive ransomware attack over the weekend, taking down several of the company’s systems and at least some backups.
Aside from encrypting the data, Faust modifies file names by adding a unique ID for the victim, an email address belonging to the attacker, and a .faust extension.Screenshot showing an example of files encrypted by Faust ransomware. Credit: PCRisk.com It is currently impossible to decrypt the files without intervention from the attackers. Free decryption tools are often available for older ransomware strains.Although many newer forms of ransomware don’t have decryptors, cooperating with attackers would not guarantee that they provide victims with the necessary decryption tools.
It was unclear what the attackers demanded from the company or whether it had paid a ransom to regain access to its system.