The Conti ransomware gang hit infected the systems of industrial automation and Industrial IoT (IIoT) chip maker Advantech and is demanding over $13 million ransom (roughly 750 BTC) to avoid leaking stolen files and to provide a key to restore the encrypted files.
Advantech has 8,000 employees worldwide and has reported a yearly sales revenue of over $1.7 billion in 2019.
The ransomware gang announced on November 21, 2020 the leak of stolen data if the chipmaker would not have paid the ransom within the next day.
As proof of the capability to restore the data, Conti ransomware operators are willing to decrypt two of the encrypted files.
On November 26, the ransomware operators began leaking the data stolen from Advantech, an archive of 3.03GB that accounts for 2% of the total amount of stolen data.
According to Bleeping Computer, the Conti ransomware gang also promised to remove any backdoors from the company’s network after the payment of the ransom. The operators also announced that the stolen data will be permanently removed from its servers and it will provide security tips on how to secure the network to prevent future infections.
Conti ransomware operators implement a private Ransomware-as-a-Service (RaaS), the malware appeared in the threat landscape at the end of December 2019 and was distributed through TrickBot infections.
Since August 2020, the group launched its leak site to threaten its victim to release the stolen data.
(SecurityAffairs – hacking, Advantech)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.