Out of all the ransomware attacks in the world, there’s one name that just keeps popping up: the Conti ransomware. The Russian-speaking Wizard Spider cybercrime group uses Conti to hit high-profile organizations such as Ireland’s Department of Health (DoH) and Health Service Executive (HSE), and the RR Donnelley (RRD) marketing giant.
Now, Conti strikes again, but this time the target is Delta, the Taiwanese electronics company and a provider for Apple, Tesla, HP, and Dell. With sales that can hit over $9 billion, we aren’t shocked to see the company land on the cybercrime group’s radar.
The attackers are asking for a ransom in exchange for decrypting the files. The number is big, and the damage is even bigger, despite Delta not confirming anything. In this article, we’re going to explain a bit more about what went on. Give it a read and learn more.
Delta Electronics – The Malware Nightmare Conti-nues
When a company becomes a provider for major electronic brands, it certainly becomes a prime target for cybercriminals. The Conti attack succeeded in encrypting around 1,500 servers and 12,000 computers out of roughly 65,000 devices on Delta’s network.
The company didn’t state the name of the attackers, but according to CTWANT’s report, a Conti ransomware sample is lurking within the company’s network. The undisclosed data also shows that the company received a note via a “readme.txt” file.
In the note, the Conti operators claim to have encrypted Delta’s systems. Unfortunately, the ransom they’re asking for is a bit much.
They asked Delta to pay a $15 million ransom to decrypt its files and to stop the leak of files taken from its network. And to add a pinch of audacity, the group promised a discount if the company makes the payment quickly.
According to Vitali Kremez, CEO of AdvIntel:
“The Conti ransomware group revealed a specific pattern part of the Delta attack leveraging Cobalt Strike with Atera for persistence as revealed by our platform adversarial visibility. Certainly, this attack is reminiscent of the REvil Quanta one affecting one of the Apple suppliers.”
While Delta claims that the attack didn’t affect its production, The Record seems to disagree. At the time of the attack, and still one week later, Delta’s official website was down.
The company urged its customers to use an alternate domain while it brought its main website back online. Now, the main website is fully active.
The Persistent Malware – What’s Next?
Conti seems to be focused on targeting as many high-profile companies as possible lately. The Ransomware-as-a-Service (RaaS) operation has been at it for a long time now, and it doesn’t seem to be stopping soon.
Delta is a huge company, and so were the previous Conti victims. If such big names with cybersecurity expertise are being targeted, rest assured you’re not safe from malware attacks either.
Now, the company is working with third-party firms to investigate the incident. We hope that other companies take full precautions to fend off such attacks in the future.