Advantech hit by Ransomware
The company has reported that a ransomware attack hit its network and led to the theft of confidential but low-value company documents.
According to researchers, the malware that struck Advantech's network is Conti ransomware. The actors behind it are demanding 750 BTC in ransom to decrypt the affected systems and to refrain from leaking the stolen data.
Advantech is a world-leading manufacturer of IT products and solutions with more than 8,000 employees across 92 major cities in countries around the world.
The company operates in the industrial automation sector as an industrial IoT (IIoT) hardware maker, providing embedded PCs, network equipment, IoT solutions, servers, and more.
In 2018 the company held a 34% worldwide market share in industrial computing, and it reported annual revenues of over $1.7 billion in 2019.
According to a chat log, the Conti operators behind the Advantech intrusion have demanded a ransom of 750 BTC in exchange for decrypting all of the encrypted data and removing the stolen data from their servers.
The actors claim they are willing to decrypt two of the encrypted files before any payment, as proof that their decryptor works.
On 21 November 2020, the Conti operators threatened to leak part of the stolen data if Advantech did not respond to their demands within the next day.
A few days later, on 26 November 2020, the group published a 3.03 GB archive of the company's data on its ransomware data leak site.
The criminals also stated that if Advantech pays the ransom, they will delete all backdoors deployed in the company's network, offer security tips on hardening the network against future intrusions, and erase all of the stolen data as soon as payment is received.
Practitioners who handle ransomware incidents, however, know that many ransomware operators do not keep such promises and retain the stolen files even after every ransom demand is met. Incident responders therefore treat exfiltrated data as permanently compromised and rebuild affected hosts from known-good images rather than rely on the attackers' claim to have removed their own backdoors.
Advantech initially made no comment on the attack, but after a copy of the Conti ransom note displayed on the encrypted Advantech systems leaked online, a company spokesperson confirmed the attack and that some data had been stolen from Advantech's systems.
According to the company's internal risk assessment, the stolen data consists of confidential but low-value documents. The company's essential operating systems are all functioning normally, and it has already carried out data preservation and system updates to protect its customers' information security.
Advantech has also introduced countermeasures in its cyber-security policies in response to the attack and is asking its global partners and customers for patience while the incident is fully handled.
The company has not officially commented on the ransom demands.
Conti ransomware operates as a RaaS
Conti ransomware is a Ransomware-as-a-Service (RaaS) operation that has been known to security researchers since December 2019. Its activity has picked up since June 2020, with Conti operators actively breaching corporate networks to obtain domain admin credentials that let them deploy the ransomware payload across the domain unhindered.
Conti launched its own data leak portal in August 2020, which lists twenty-six victims so far. According to researchers, Conti is delivered through reverse shells opened by the TrickBot Trojan and shares code with the infamous Ryuk ransomware.
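The playbook described above, obtaining domain admin credentials and then pushing the payload to every host, leaves two signals in the Windows Security log that a defender can watch for: an account being added to the Domain Admins group outside the normal change process (event ID 4728, member added to a security-enabled global group), and a single privileged account opening network logons (event ID 4624, logon type 3) to many hosts within a few minutes. The following Python is an added example and is not code from the original article, from Advantech or from Conti. The event records, account names, host names, the approval allowlist and the thresholds are all constructed for illustration; in practice the events would be read from a SIEM or from the exported event log.

```python
"""Flag two precursors of a domain-wide ransomware rollout in Windows Security
events: an unexpected addition to Domain Admins, and one account fanning out
to many hosts in a short window."""
from collections import defaultdict
from datetime import datetime, timedelta

DOMAIN_ADMINS = "Domain Admins"


def _event(time, **fields):
    """Build a simplified event record with a parsed timestamp."""
    return {"time": datetime.fromisoformat(time), **fields}


# Constructed sample events (not real telemetry). Field names are a
# simplification of the Windows Security log: 4728 = member added to a
# security-enabled global group, 4624 = successful logon (type 3 = network).
SAMPLE_EVENTS = [
    _event("2020-11-20T01:02:10", id=4728, subject="CORP\\jdoe",
           member="CORP\\svc-backup", group=DOMAIN_ADMINS),
    _event("2020-11-20T01:05:00", id=4728, subject="CORP\\it-admin",
           member="CORP\\newhire", group=DOMAIN_ADMINS),
    _event("2020-11-20T01:06:00", id=4728, subject="CORP\\jdoe",
           member="CORP\\jdoe", group="Print Operators"),
    _event("2020-11-20T09:00:00", id=4624, account="CORP\\it-admin",
           host="FS01", logon_type=3),
    _event("2020-11-20T09:30:00", id=4624, account="CORP\\it-admin",
           host="FS02", logon_type=3),
]
# Constructed: the freshly promoted service account logs on to twelve hosts
# in four minutes, the pattern seen when a payload is pushed domain-wide.
SAMPLE_EVENTS += [
    _event(f"2020-11-20T01:1{i // 3}:{(i % 3) * 20:02d}", id=4624,
           account="CORP\\svc-backup", host=f"WS{i:02d}", logon_type=3)
    for i in range(12)
]


def flag_group_additions(events, approved_subjects, group=DOMAIN_ADMINS):
    """Return (subject, member) for every addition to `group` performed by an
    account that is not on the change-approval allowlist."""
    return [
        (e["subject"], e["member"])
        for e in events
        if e["id"] == 4728 and e["group"] == group
        and e["subject"] not in approved_subjects
    ]


def flag_fanout_logons(events, max_hosts=5, window=timedelta(minutes=10)):
    """Return {account: distinct hosts} for accounts whose network logons
    (4624, logon type 3) reached more than `max_hosts` distinct hosts within
    any `window`-long period."""
    by_account = defaultdict(list)
    for e in events:
        if e["id"] == 4624 and e["logon_type"] == 3:
            by_account[e["account"]].append((e["time"], e["host"]))
    flagged = {}
    for account, logons in by_account.items():
        logons.sort()  # sliding window over chronological logons
        for i, (start, _) in enumerate(logons):
            hosts = {h for t, h in logons[i:] if t - start <= window}
            if len(hosts) > max_hosts:
                flagged[account] = hosts
                break
    return flagged


if __name__ == "__main__":
    approved = {"CORP\\it-admin"}  # constructed allowlist of change operators
    for subject, member in flag_group_additions(SAMPLE_EVENTS, approved):
        print(f"ALERT: {subject} added {member} to {DOMAIN_ADMINS}")
    for account, hosts in flag_fanout_logons(SAMPLE_EVENTS).items():
        print(f"ALERT: {account} logged on to {len(hosts)} hosts: "
              f"{', '.join(sorted(hosts))}")
```

Both checks are cheap enough to run continuously, and together they cover the step between credential theft and encryption, which is the last point at which an intrusion of this kind can still be contained. The thresholds should be tuned to the environment: a patch-management account may legitimately touch dozens of hosts, so such accounts belong on an allowlist rather than in the general threshold.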