Advantech latest victims of ransomware attack
December 2020 by Fedor Sinitsyn, Senior Malware Analyst at Kaspersky
Following the news that industrial IoT chip maker, Advantech, has been the latest victim of a ransomware attack set at $14 million, the comment from Fedor Sinitsyn, Senior Malware Analyst at Kaspersky.
The Conti ransomware gang, which has just recently hit IIoT chip developer Advantech and demanded $14 million, is a targeted encryptor. Just like other targeted ransomware families it does not affect a big number of users; instead, the people behind it usually choose big companies as their victims, extorting large sums of money. Kaspersky first detected Conti ransomware over a year ago, in October 2019. Having analysed the code, the company’s experts believe that Conti ransomware might be connected with another cryptographer, Ryuk, which is well-known for attacking large organisations and governmental and municipal networks.
Kaspersky’s File Threat Protection detects Conti malicious files as Trojan-Ransom.Win32.Cryptor, Trojan-Ransom.Win32.Encoder and Trojan-Ransom.Win32.Gen. Moreover, Kaspersky’s Behavior Detection component can uncover even unknown samples of this Trojan proactively with the PDM verdict: Trojan.Win32.Generic.
‘Even though the issue of ransomware is not in the public’s eye today, the attack on Advantech proves that ransomware has become more targeted. It only means one thing – businesses should pay more attention to their internal security systems and follow the basic rules of information hygiene. In order to protect business data from ransomware attacks, we recommend using security solutions such as Kaspersky security solution for organisations and Kaspersky Endpoint Security for Business , make back ups, always update operation systems and educate employees about digital literacy,’ says Kaspersky security expert, Fedor Sinitsyn.