Advantech Suffered Ransomware Attack from Conti Gang

Chipmaker Advantech recently revealed that it was attacked by the Conti ransomware group, which demanded 750 Bitcoins ($12,600,000), said Bleeping Computer. The ransom note claimed that the payment would decrypt the company’s data and delete the stolen files.

The hacker group stole gigabytes of data from Advantech and also encrypted it on the company’s systems. Paying the ransom is the only way for Advantech to regain access and secure its files.

The group promises to secure the vulnerability it exploited to access the company’s network. Moreover, it said that it will give guidelines on how to further strengthen the firm’s security to prevent future attacks.


BleepingComputer was able to view a chat log between the two parties. According to the ransomware group, it is willing to decrypt two files even before it receives the ransom to prove that its decryption program works.

It also threatened to leak part of the data should the chipmaker not respond within a given timeframe, which the company failed to do.

To show that it is serious about its threats, Conti released 3.03 gigabytes of files, which it claims is only 2% of the total amount of data it stole. It also published a text document listing the files included in the archive.

The tech company confirmed that its servers were indeed hit by ransomware. However, it said that only “a small number of Advantech servers which were attacked.”

It also said that its internal risk evaluation revealed that “the stolen data was confidential but only contained low-value documents.” Moreover, the server was gradually recovered and all important systems are now functioning as normal.

Advantech also assured its customers that it has deployed new security measures to detect, protect, and respond to cyber events and attacks.

Advantech focuses on industrial automation and the industrial internet of things (IoT), covering intelligent systems, machine automation, transportation, and many more. It is known as a leading producer of information technology products and solutions.

While Conti claims that it will decrypt and delete files it stole once it receives the payment, research by Coveware, a ransomware negotiation firm, revealed that many operations do not actually remove the data from their storage.

Conti is just one of many groups that have been operating over the past months. It was first detected in December 2019 and has been stepping up its game since July 2020.
