US customer experience technology giant TTEC has announced a “cybersecurity incident” but confirmed to employees that it was hit with ransomware.
The company, with nearly 61,000 employees and billions in annual revenue, sent a message to employees this week warning them not to click on a link titled “!RA!G!N!A!R!”, according to KrebsOnSecurity. The message indicates the attack may have been launched by the prolific Ragnar Locker ransomware group or someone trying to impersonate them.
TTEC told employees that it was having system outages and was working to remove the malicious “!RA!G!N!A!R!” file from its system.
In a statement to ZDNet, TTEC corporate communications vice president Tim Blair would not confirm that it was a ransomware incident but said some of the company’s data was encrypted and “business activities at several facilities have been temporarily disrupted.”
“TTEC immediately activated its information security incident response business continuity protocols, isolated the systems involved, and took other appropriate measures to contain the incident,” Blair said.
“We are now in the process of carefully and deliberately restoring the systems that have been involved. We also launched an investigation, typical under the circumstances, to determine the potential impacts. In serving our clients TTEC generally does not maintain our clients’ data, and the investigation to date has not identified compromise to clients’ data. That investigation is on-going and we will take additional action, as appropriate, based on the investigation’s results.”
TTEC works with some of the biggest companies in the world, including Verizon, Best Buy, Dish Network, Bank of America and Kaiser Permanente.
KrebsOnSecurity was able to obtain the internal message from a reader, who told the blog that the “widespread” system outage began on Sunday, September 12. The source told KrebsOnSecurity that thousands of TTEC employees working on accounts for Verizon, Kaiser Permanente and Bank of America were unable to do any tasks because of the attack while many other customer support teams reported being…