Pierluigi Paganini
January 28, 2022
Taiwanese electronics manufacturing company Delta Electronics was hit by the Conti ransomware that took place this week. Delta Electronics operates as a contractor for major tech giants such as Apple, Tesla, HP, and Dell.
According to the company, the security breach did not impact its operation, it already notified local authorities.
“Resta inteso che Delta ha rilevato che il server è stato attaccato da hacker stranieri intorno alle 6:00 di ieri e ha immediatamente attivato il meccanismo di risposta e difesa della sicurezza delle informazioni. Eseguire operazioni di ripristino.” states the data breach notification published by the company.
“Delta ha dichiarato che i principali servizi interessati sono i sistemi non critici, che stanno gradualmente riprendendo le operazioni.Al momento, la valutazione non ha un impatto significativo sulle operazioni della società e ha notificato alle forze dell’ordine governative e alle unità di sicurezza delle informazioni di assistere nelle seguenti operazioni: e continuerà a migliorare la rete e la sicurezza Controllo della sicurezza dell’infrastruttura dell’informazione per garantire la sicurezza dei dati.”
The company is restoring its systems after the attack and is investigating the intrusion with the help third-party cybersecurity experts.
The company did not reveal details about the attack or the malware family that infected its systems.
According to CTWANT, which cited an undisclosed information security company, Delta Electronics was hit by Conti ransomware that asked Delta to pay a $15 million ransom to restore encrypted files and avoid their leak.
“On January 26, 2022, the malware intelligence team collected a sample of the Conti ransomware with a hash value of 5ace33358a8b11ae52050d02d2d6705f04bd47a27c6c6e28ef65028bbfaf5da9.” reported a statement from the security company cited by CTWANT. “According to the report, the sample may have been used in an attack on Taiwanese electronics manufacturing company Delta Electronics Inc. The hacker group claimed to have deployed the ransomware around January 21, 2022 and demanded a ransom of $15 million (approximately NT$412 million). Of the 65,000 computers in Delta’s network, about 1,500 servers and about 12,000 computers are encrypted.”
According to The Record, the company has yet to restore most of its systems and its official websites remain offline.
Conti operators run a private Ransomware-as-a-Service (RaaS), the malware appeared in the threat landscape at the end of December 2019 and was distributed through TrickBot infections. Experts speculate the operators are members of a Russia-based cybercrime group known as Wizard Spider.
Since August 2020, the group has launched its leak site to threaten its victim to release the stolen data. Conti operators claimed to have already compromised at least 500 organisations worldwide.
In December 2021, the Australian Cyber Security Centre (ACSC) warns of Conti ransomware attacks against multiple Australian organizations from various sectors since November.
The ACSC also published a ransomware profile for the Conti gang that contains information about the operations of the group, including mitigations.
In September, CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) also warned of an increased number of Conti gang attacks against US organizations.
Follow me on Twitter: @securityaffairs and Facebook
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Conti ransomware)
[adrotate banner=”5″]
[adrotate banner=”13″]
