Advantech is a well-known manufacturer of industrial automation and industrial Internet of Things (IIoT) chips. The company was recently hit by a ransomware attack.
The ransomware used against Advantech was Conti, and its operators demanded that Advantech pay 750 bitcoins, roughly $12.6 million at current prices.
This was also a targeted, APT-style attack: the attackers had selected Advantech as their target in advance and launched a tailored intrusion, and Advantech's internal facilities were infected.
The attackers also claimed to have downloaded a large amount of Advantech's confidential data and to have installed multiple backdoors on Advantech's internal infrastructure.
The price of Bitcoin has risen recently. Even after a sharp drop of $3,000 in recent days, Bitcoin is still trading at around $18,000, which puts the market value of 750 bitcoins at approximately $13 million. Obviously, Advantech will not pay such a huge ransom to the attackers.
The attackers sent Advantech a message on the day of the attack demanding a reply by the next day; if Advantech did not respond, the stolen data would be gradually leaked online.
The attackers did exactly that. The first batch of leaked data consisted of 3.03 GB of archives, 2% of which were Advantech's confidential data.
The attackers stated that if Advantech paid the ransom, they would immediately hand over the decryption key and completely remove the backdoors from Advantech's internal infrastructure.
If Advantech refuses to pay, all of the data will be leaked publicly on the Internet, and the attackers may also use the backdoors they installed to continue causing damage inside Advantech's internal systems.
Advantech has not issued any public response to the incident, but as a listed company it would have to publish an announcement explaining a ransom payment if it made one.
Conti ransomware was first observed in an isolated attack at the end of December 2019, and another Conti case appeared in June 2020.
Conti shares code with the Ryuk ransomware and is therefore believed to have a common origin. After Ryuk's activity declined in July this year, Conti's activity became frequent.
The operators behind Conti recruit large numbers of experienced hackers to deploy the ransomware, and such professional attacks usually pre-select specific targets.