Conti ransomware attacked the networks of Advantech, a manufacturer of automation systems and chips for industrial Internet of Things (IIoT) devices. For the recovery of encrypted files and stopping the publication of the data stolen from the company, the ransomware demands almost $ 13 million.
Advantech is a leader in the global market for IT products and solutions, including embedded PCs, networking and IoT devices, servers and medical equipment. The company employs more than 8 thousand people in 92 largest cities in the world. In 2018, Advantech had the largest share of the global industrial computer systems market – 34%. In 2019, the company’s sales revenue exceeded $ 1.7 billion.
After the attack, the Conti ransomware operators demanded a ransom from Advantech in the amount of 750 bitcoins (about $ 12.6 million) for decrypting all data and removing stolen files from their servers. According to the correspondence with ransomware, which BleepingComputer managed to get acquainted with, the attackers agreed to decrypt two files for free as proof that their decryptor actually works.
On November 21, Conti operators warned the company about their intention to publish part of the stolen data if they did not receive a response from it within 24 hours. On November 26, ransomware began uploading Advantech files on their website to publish leaks. The 3.03 GB archive includes 2% of all stolen data. The ransomware also announced their readiness to immediately remove all backdoors from the company’s network and provide it with advice on strengthening its security as soon as the ransom is paid.
Advantech has not yet released any official announcements about the cyberattack and is not commenting on it in any way.