Industrial Computer Maker Confirms Ransomware, Data …

Advantech reports the stolen data was confidential but did not contain high-value documents.

Industrial computer manufacturer Advantech has confirmed a ransomware attack that led to the theft of confidential, though low-value, corporate documents, BleepingComputer reports. 

Advantech, a global leader of embedded and automation platforms for Internet of Things (IoT) system integrators, manufactures embedded PCs, industrial IoT (IIoT) devices, network devices, servers, intelligent systems, and intelligent healthcare tools among its many offerings.

The Conti ransomware group was reportedly behind this attack and demanded a $12.6 million ransom to both decrypt target systems and stop publishing the data they stole. They also claimed they would remove backdoors installed on Advantech’s network if the ransom was paid. Attackers began to leak stolen data on their ransomware data leak website on Nov. 26. 

Advantech reports the affected server has been recovered and all key operating systems are functioning as normal.

Data Backup Practices Can Thwart Ransomware

Spectra Logic is a 41-year-old private company based in Boulder, Colorado, that, according to the company’s website, “develops data storage and data management solutions that solve the problem of digital preservation for organizations dealing with exponential data growth.” On May 7, 2020, in connection with the move to remote work by Spectra Logic employees, the company experienced an attack by one of the more active ransomware strains, which encrypted a significant amount of the company’s data.

Ransomware is a type of malware, often spread through phishing emails (as was the case for Spectra Logic), that, once opened, encrypts an organization’s data, making it inaccessible until the company pays a ransom to have the data decrypted. Note that sometimes the malware source takes the money but never decrypts the data, so paying a malware source may not result in getting

Industrial computer manufacturer Advantech hit with a ransomware attack

Industrial computer manufacturer Advantech Co. Ltd. has been hit with a ransomware attack, and those behind the attack are demanding a ransom of 750 bitcoin ($13.8 million).

Based in Taiwan, Advantech is the world’s largest supplier of industrial computers, with a 34% market share as of 2018. The company also manufactures network devices, servers, industrial “internet of things” devices and healthcare solutions.

The attack took place on Nov. 19, according to Taiwanese media, with Bleeping Computer reporting separately Saturday that it involved Conti ransomware. Those behind the Conti ransomware attack are said to have offered full data decryption and a promise to delete the data they had stolen if the ransom was paid, with a threat to start releasing stolen data if payment was not made.

By Nov. 26, no payment had been made and those behind the attack released a 3.03-gigabyte archive of Advantech data that they claim

Ransomware Has Catapulted This Insurtech Startup To $100 Million In Revenue

Ransomware attacks, where hackers steal computer files and demand money in return, have exploded during the pandemic. The average ransom payment went from $41,000 in the third quarter of 2019 to $234,000 in 2020, according to Coveware, a ransomware mitigation company. 

Now Coalition, a three-year-old cyber insurance startup, is seeing soaring demand for its services. This fall, it reached $100 million in annualized revenue, up from $50 million a year ago.

The trend of escalating ransomware is deeply troubling. “I saw a $100 million ransom demand just this past week,” says Coalition CEO Joshua Motta. Last month, a hacker reportedly stole medical records from a psychotherapy center in Finland, then contacted its mental-health patients and demanded money from each one. In September, a ransomware attack on a German hospital led to a patient’s death.

Australian government warns of possible ransomware attacks on health sector

The Australian government has issued a security alert today urging local health sector organizations to check their cyber-security defenses, and especially their controls for detecting and stopping ransomware attacks.

The Australian Cyber Security Center said it “observed increased targeting activity against the Australian Health sector by actors using the SDBBot Remote Access Tool (RAT).”

While the ACSC has not provided any details about what the “targeting activity” means, the SDBBot RAT has been almost exclusively distributed by a cybercrime group known as TA505.

The group relies on massive email spam campaigns to target companies and infect workstations with malware. The group has been seen dropping various malware strains on infected systems, but since September 2019, TA505 has often deployed the SDBBot payload as a means to access infected hosts remotely.

“SDBBot is comprised of 3 components,” the ACSC explained. “An installer which establishes persistence, a loader which downloads additional components,
