Exagrid pays $2.6m to Conti ransomware attackers

Exagrid pays $2.6m to Conti ransomware attackers

jamdesign – stock.adobe.com

Backup equipment specialist hit by Conti ransomware in Can also with cyber criminals downloading worker and customer recordsdata, confidential contracts and source code

By

Printed: 01 Jun 2021 13: 00

Backup equipment vendor ExaGrid has paid a $2.6m ransom to cyber criminals that centered the firm with Conti ransomware.

The ransom was paid within the develop of 50.75 bitcoins on 13 Can also, per recordsdata obtained by ComputerWeekly.com’s French sister newsletter LeMagIT.

Accession to the ransomware attacker’s requires was made more embarrassing when the backup equipment vendor – which makes a substantial play of its strengths against ransomware – accidentally deleted the decryption instrument and needed to query for it yet again.

Submission to the ransomware assault came within the identical month as US pipeline operator Colonial Pipeline paid $4.5m after being hit by Darkside ransomware and the Irish smartly being provider was centered, furthermore by Conti ransomware.

The negotiations, to which LeMagIT had access, began on 4 Can also with a person with the title “IT lead technician with ExaGrid Systems”.

The cyber criminals got straight to the point, and said: “As , we infiltrated your network and stayed in it for more than a month (adequate to survey your entire documentation), encrypted your file servers, SQL servers, downloaded all major recordsdata with a complete weight of more than 800GB.”

They went on to describe how they had got protect of the non-public recordsdata of potentialities and staff, industrial contracts, NDA forms, financial recordsdata, tax returns and source code. The initial ransom demanded was $7,480,000.

ExaGrid wished to test the decryption on a sample, and a record of the front of an ExaGridEX63000E NAS field was equipped. Negotiations continued and lasted until 13 Can also. All over this duration, the attackers shared recordsdata with ExaGrid by Sendspace to explain what they had been ready to access. Some archives shared in this vogue had now no longer been deleted for a whereas after negotiations accomplished and could well well aloof be downloaded.

The cyber criminal’s negotiator gave the impact more experienced than others. After an initial provide from ExaGrid of more than $1m, she responded: “Thanks for your efforts. Right here’s a comely and life like initial provide. We absorb the different to barter. We are ready to give you a low cost of $1m. Your rate will now be $6,480,000.”

In distinction to the heavy-handed come of other cyber criminals, the negotiator added: “We realize that your work right here is now no longer simple and requires some effort to convince the participants of your board. Nevertheless, we’re aloof far from agreement.”

A week later, the ExaGrid negotiator raised their provide to $2.2m. The cyber criminals then diminished their question to $3m. At that point, the exchanges intensified because the two parties sought to instant attain an accord. That came quickly with an agreement at $2.6m, and the bitcoin address indicated that the negotiated amount was paid. The decryption instrument was equipped by an tale at Mega.nz, where the stolen recordsdata was kept. The records and the accounts were without prolong deleted.

Nevertheless then, two days later, the ExaGrid negotiator asked for the decryption instrument to be despatched yet again on tale of “we deleted it accidentally”. The cyber criminals made it on hand for derive the following day.

The assault is in particular embarrassing for Exagrid, which last December announced it had obtained seven enterprise awards, to boot to the initiating of a recent resolution for restores following ransomware attacks.

On its online net page, on the sphere of ransomware, ExaGrid says: “ExaGridoffers a various come to be certain that that that attackers can now no longer compromise the backup recordsdata, permitting organisations to be confident that they are able to restore the affected major storage and withhold far from paying gruesome ransoms.”

ExaGrid has been asked for disclose, however was now no longer on hand at time of publishing.

Dispute material Continues Beneath


Read more on Information centre hardware

Read More

Share your love