Taiwanese electronics manufacturing firm Delta Electronics was targeted by the Conti ransomware this week. The company operates as a supplier for major tech giants such as Apple, Tesla, HP, and Dell.
According to a statement circulated on January 22, 2022, the company said the incident only affected non-critical systems, which had no significant impact on its operations. Delta is now working on restoring systems taken down during the attack and says it has hired the services of third-party security experts to help with the investigation and recovery process.
The company added that it had notified law enforcement agencies and hired information systems advisers to investigate the attack and to improve network security. While Delta's statement did not disclose who was behind the attack, an undisclosed information security company discovered a Conti ransomware sample deployed on the company's network.
The Conti operators claim to have encrypted 1,500 servers and 12,000 computers out of about 65,000 devices on the company’s network. The Conti ransomware gang is said to have demanded a $15 million ransom payment from Delta and stopped leaking files stolen from its network.
While Delta is still reportedly working with Trend and Microsoft's security teams to investigate the incident and claims that its production has not been affected, its website is still down one week after the attack.
"The Conti ransomware group revealed a specific pattern part of the Delta attack leveraging Cobalt Strike with Atera for persistence as revealed by our platform adversarial visibility. Certainly, this attack is reminiscent of the REvil Quanta one affecting one of the Apple suppliers," Vitali Kremez, CEO of AdvIntel, stated.
The Conti ransomware gang first emerged in 2020 and has been linked to the Russian-speaking Wizard Spider cybercrime group. The ransomware gang has targeted multiple high-profile organizations including Ireland's Department of Health (DoH) and Health Service Executive (HSE), and the RR Donnelly (RRD) marketing giant.
Conti has also been the subject of two government warnings. The first was by the U.S. Federal Bureau of Investigation in May, followed by a warning from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency in September.
“Cybercriminals continue to target organizations that provide a service or product to larger organizations with the expectation that they cannot suffer downtime due to a ransomware attack and will be inclined to pay up faster,” James McQuiggan, a security expert at security awareness training company KnowBe4 Inc., said. “While the attack was substantial, it appears the organization took the necessary actions to protect the critical equipment and systems within their organizations, as it seems that the cybercriminal group targeted corporate systems like their webpage.”
