FOLLOW US

Industrial Internet of Things (IIoT) chip maker Advantech was hit with a Conti (Ryuk) ransomware, The bad actors are now demanding 750 in bitcoin worth over $13 million in ransom from the firm.

Advantech is based in Taiwan and it has 8,000 employees worldwide. Last year, the IIoT chip maker reported over $1.7 billion in annual revenue.  On Nover 20, it was ranked No. 4 in the “2020 Best Global Taiwan Brands,”

The Conti ransomware gang infected the online systems of Advantech. On November 21, the gang announced that it was responsible for the hacking and demanded that IIoT chip maker pay the ransom the following day.  In exchange for the ransom, the gang promised to provide a decryption key to restore the encrypted files. It also threatened to leak stolen data if the company refuses to pay. 

On November 26, the Conti ransomware gang started leaking the data stolen. The size of the leaked information was about 3.03 GB, which represents about 2% of the total data stolen.

The role of “leak sites” in the hack

It is now a mainstream tactic for cybercriminals to create "leak sites" where they upload private documents and sensitive information taken from hacked companies. The hackers leak small amounts of data when a company is slow in paying the ransom.

The leak site strategy is being used by the cybercriminal underground. This enables ransomware groups to implement a double extortion attack.

The Advantech hackers release the malware, in this case, Conti ransomware then demands a ransom to keep the data private. They also want to be paid for the key to restore the data that they have encrypted throughout the company’s system.

As proof of the capability to restore the data, Conti ransomware operators are willing to decrypt two of the encrypted files.

This is known as a hacker gang’s one-two punch or double extortion demand.

Conti ransomware is an evolving threat

The Conti ransomware gang claims they will remove any backdoors from Advantech’s network and completely remove all stolen data from the hacker’s system. But they threaten to leak all the data and leave the firm with a corrupted server if they do not receive ransom payment.

The hacker gang also brazenly announced that they will be happy to provide security tips on how to secure the company network so it will be immune to all future ransomware infections.

Conti is a private Ransomware-as-a-Service (RaaS) malware that was first used in attacks in December 2019. The malware is distributed through TrickBot infections.