The systems of industrial automation and Industrial IoT (IIoT) chip maker Advantech were hit with ransomware, and the attackers demanded a ransom of $14 million to decrypt the affected systems and to stop leaking stolen data.
Advantech, a leading global manufacturer of IT products and solutions, including embedded PCs, network devices, IoT, servers, and healthcare solutions, employs more than 8,000 people in 92 major cities worldwide.
The operators behind the attack are the Conti ransomware gang, who have set a ransom of 750 BTC (approx. $12,600,000) for full data decryption and for removing stolen data from their servers.
The gang also said that they are willing to decrypt two of the encrypted files before the ransom is paid to prove that their decryptor works.
The ransomware operators later said that they would leak part of the stolen data if the company did not reply by the next day.
A few days later, the group started publishing Advantech’s data on their ransomware data leak site as a 3.03GB archive with 2% of the stolen data and a text document listing the files included in the ZIP archive.
The gang agreed to remove any backdoors deployed on the company’s network and also to provide security tips on how to secure the network to block future breaches if the company pays the ransom. They also agreed to delete any data once the payment is done.
According to research by ransomware negotiation firm Coveware, some ransomware operations don’t actually delete stolen files even after the ransom is paid.
The company has not issued any public statements regarding the ransomware attack on its systems.
Conti ransomware was first spotted in isolated attacks at the end of last year, with attacks increasing in June 2020. This ransomware shares code with the infamous Ryuk ransomware.
In August 2020, the operators opened their own data leak site with twenty-six victims.