Nearly 2TB of data was stolen from Japanese electronics firm in a Conti ransomware hit
Japan-based electronics supplier JVCKenwood has become the latest known victim in a renewed wave of Conti ransomware attacks that are spreading around the world.
Details of the attack obtained by Computer Weekly’s sister title LeMagIT show that Conti has exfiltrated about 1.7TB of JVCKenwood’s data, including personally identifiable information (PII) on its staffers, some of which was provided to the company as proof of the attack.
The Conti gang is demanding a ransom of $7m (£5.2m/€6m) and claims to have stolen data on JVCKenwood customers and suppliers, and data relating to its legal, financial, HR, IT, audit and compliance functions. This includes private documents, telephone numbers, contact details, and payroll and banking statements.
However, at the time of writing, discussions between a JVCKenwood representative and Conti’s negotiator appeared to have ground to a halt, which may be an indication that the firm will refuse to pay a ransom.
As has been frequently observed in other Conti attacks, the group continues to act as if it is offering a legitimate penetration testing and security audit service. In screengrabs of the negotiations seen by Computer Weekly, it said: “Fortunately, Conti is here to prevent any extra damages.”
The group goes on to offer breach prevention and mitigation services, and warns the victim that if it does leak their data, that data will be abused by dark web cyber criminals for their own “wrong purposes”.
The ransom note goes on to warn that the attack will result in legal, regulatory and reputational consequences.
It adds: “There is no way that we can’t fulfil our guarantees after you pay. The chances that hell will freeze are better than us misleading our customers.”
In an official statement, JVCKenwood said that it detected unauthorised access to servers located in Europe on 22 September 2021.
“It was found that there was a possibility of data leak by the third party who made the unauthorised access,” said a company spokesperson.
“At the moment, an intensive investigation is being performed by the specialised agency outside the company in collaboration with the relevant authorities. No customer data leak has been confirmed at present.
“JVCKenwood takes this incident very seriously, and sincerely regrets the difficulty it may cause.”
Described by Palo Alto Networks’ Unit 42 team as one of the more ruthless extant ransomware gangs, Conti has been around for over a year and has made large sums by extorting victims such as hospitals, for whom IT disruption can prove life-threatening. In May, the gang attacked Ireland’s Health Service Executive in a $19.9m attack that continues to affect services nearly six months later.
Counter to the gang’s sentiments on the matter, Unit 42 also describes Conti as unreliable. “We’ve seen the group stiff victims who pay ransoms, expecting to be able to recover their data,” wrote Richard Hickman, a senior incident response consultant at the firm.
A recent leak of data on the Conti operation, supposedly by a disgruntled affiliate, revealed more insight into how the group goes about reconnoitring and compromising its victims, including information on commonly unpatched vulnerabilities that it has had particular success at exploiting, such as PrintNightmare, ZeroLogon and EternalBlue. Further information on Conti is available from the US Cybersecurity and Infrastructure Security Agency.