Business technology giant Konica Minolta suffered a ransomware attack in July which affected its services for almost a week.
Konica Minolta which is a Japanese multinational business technology giant has around 44,000 employees and over $9 billion in revenue for 2019.
The company provides large variety of services and products ranging from printing solutions, healthcare technology, to providing managed IT services to businesses.
On July 30th, 2020, customers started reporting that Konica Minolta’s product supply and support site was not accessible and was displaying an outage message. The site was down for almost a week due to the outage.
Some Konica Minolta printers were displaying a ‘Service Notification Failed’ error.
A copy of the ransom note was shared by an anonymous source which is entitled !!KONICA_MINOLTA_README!!.txt
All the devices in the company were encrypted, and files had the ‘.K0N1M1N0’ extension appended to them.
It was found that this ransom note belongs to a relatively new ransomware called RansomEXX. Similar to other ransomware operations, RansomEXX is also human-operated, which entails threat actors compromising a network, and spreading to other devices until they gain administrator credentials.
On getting admin rights and access to the Windows domain controller, they deploy the ransomware on the network and encrypt all of its devices.