30 November 2020

Chip maker Advantech hit by a Conti ransomware attack

Hackers behind the Conti ransomware operation infected the systems of industrial automation and Industrial IoT (IIoT) chip manufacturer Advantech and are now demanding a 750 BTC (approx. $14M) ransom for a decryptor to restore the encrypted systems and a commitment not to leak the stolen data.

According to a chat log and a ransom note seen by Bleeping Computer, on November 26 the Conti gang posted on their leak site a 3.03GB archive (2% of Advantech's stolen data) along with a text file listing the files included in the ZIP archive. The Conti operators also said that if the ransom is paid they will remove any backdoors deployed on the company's network and delete the stolen data.

The Conti ransomware was first spotted in the wild in December 2019 and has become increasingly common in recent months, targeting corporate and government networks. The malware moves laterally through networks using a range of techniques, and it abuses the Windows Restart Manager to close applications holding files open so that all files can be encrypted.
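The Restart Manager behaviour described above is one of the few host-side signals a defender can hunt for: every file the ransomware needs to unlock is preceded by a Restart Manager session, so a single process opening a burst of sessions stands out against installers, which open a handful. The following is an added example, not code from the article or from any vendor, of a sliding-window heuristic over such events. It assumes (as a labelled assumption) that Restart Manager activity is logged with a session-start event ID of 10000 and a session-end event ID of 10001, each tagged with the process image that opened the session; the event list it runs on is constructed inline for the example.

```python
"""
Added example (not from the article): hunt for a process that opens an
unusually large number of Windows Restart Manager sessions in a short
window, the pattern produced when ransomware uses Restart Manager to
release file handles before encrypting each file.

Assumption (labelled): Restart Manager activity is logged as events with
ID 10000 (session start) and 10001 (session end) that carry the image path
of the process that opened the session. The sample events below are
constructed for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

RM_SESSION_START = 10000  # assumed event ID for "Restart Manager session started"
RM_SESSION_END = 10001    # assumed event ID for "Restart Manager session ended"

# Processes that legitimately open Restart Manager sessions (installers,
# servicing). Compared by lower-cased file name, not full path.
BENIGN_IMAGES = frozenset({"msiexec.exe", "trustedinstaller.exe", "tiworker.exe"})

# Constructed sample data: (timestamp, event_id, image_path, session_key)
BASE = datetime(2020, 11, 26, 3, 0, 0)  # constructed timestamp


def _session(ts, image, n):
    """Build the start/end event pair for one Restart Manager session."""
    key = f"RmSess{n:04d}"
    return [
        (ts, RM_SESSION_START, image, key),
        (ts + timedelta(milliseconds=50), RM_SESSION_END, image, key),
    ]


SAMPLE_EVENTS = []
# A normal installer: three sessions spread over fifteen minutes.
for i in range(3):
    SAMPLE_EVENTS += _session(BASE + timedelta(minutes=5 * i),
                              r"C:\Windows\System32\msiexec.exe", i)
# An unknown binary (constructed placeholder name): sixty sessions in
# thirty seconds, one per file being unlocked for encryption.
for i in range(60):
    SAMPLE_EVENTS += _session(BASE + timedelta(milliseconds=500 * i),
                              r"C:\Users\Public\unknown_sample.exe", 100 + i)


def _basename(image):
    """Return the lower-cased file name of a Windows image path."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect_rm_bursts(events, threshold=20, window=timedelta(seconds=60),
                     allowlist=BENIGN_IMAGES):
    """Return one alert per non-allowlisted image that opened at least
    `threshold` Restart Manager sessions inside any `window`-long span.

    Events are (timestamp, event_id, image_path, session_key) tuples in
    any order; only session-start events are counted.
    """
    starts = defaultdict(list)
    for ts, event_id, image, _key in sorted(events):
        if event_id == RM_SESSION_START:
            starts[image].append(ts)

    alerts = []
    for image, times in starts.items():
        if _basename(image) in allowlist:
            continue
        # Sliding window: widest run of session starts that fits in `window`.
        left, peak = 0, 0
        for right, ts in enumerate(times):
            while ts - times[left] > window:
                left += 1
            peak = max(peak, right - left + 1)
        if peak >= threshold:
            alerts.append({
                "image": image,
                "sessions_in_window": peak,
                "total_sessions": len(times),
                "first_seen": times[0].isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_rm_bursts(SAMPLE_EVENTS):
        print(f"{alert['image']}: {alert['sessions_in_window']} Restart Manager "
              f"sessions within 60s (total {alert['total_sessions']})")
```

The allowlist only suppresses alerts for known servicing processes; it is the burst, not the image name, that carries the signal, so dropping the allowlist entirely still leaves a low-volume installer below the threshold. On a real host the event tuples would be read from the Restart Manager operational channel, and the threshold should be tuned against a baseline of the organisation's own patch and install activity.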

In August this year, the group launched their own leak site, where they publish data stolen from victims, following in the footsteps of other ransomware groups who operate such sites, including CLOP, Darkside, DoppelPaymer, Maze, Mespinoza (Pysa), Nefilim, NetWalker, RagnarLocker, REvil (Sodinokibi), and Sekhmet.
