On April 2nd, world-leading French electronics manufacturing services (EMS) company Asteelflash released a statement confirming the company has been the victim of a cybersecurity incident.

The company says the attack was detected at the end of March during a routine check by its IT teams and acknowledges the involvement of the REvil / Sodinokibi ransomware.

[Image: REvil ransom demand for Asteelflash cyberattack. Source: BleepingComputer]

The attackers demanded that Asteelflash pay a whopping $24 million ransom, after it was initially set at $12 million in Monero cryptocurrency. Because the negotiations did not reach an agreement in time, the actors doubled the ransom and leaked the first sample of the exfiltrated files, an archive named ‘asteelflash_data_part1.7z’.

The company states that “defensive measures immediately made it possible to limit the impact of the incident, which could have led to the unavailability of computer networks”. To ensure that the affected servers have been isolated, cleaned, and re-secured, a large number of security, detection, and preventive neutralization measures have been taken, drawing on the expertise of major cyber specialists.

The company says that at this stage it has not noticed a resurgence of abnormal behavior within its information systems, adding that there is no proof that any data was exfiltrated or disclosed.

Asteelflash operates 18 plants and two R&D centers, employs 6,200 people, and has annual revenue of over one billion EUR. Headquartered in Neuilly-Plaisance, France, it is the second-largest electronics manufacturing services (EMS) company in Europe and ranks among the top 20 worldwide.

For the time being, the discussion between the two parties has stalled, and there is no information about the company’s intentions concerning the ransom.

There seem to be no boundaries for the REvil ransomware gang. In early March, a security researcher discovered that the gang had launched a service for contacting news media and companies to apply the most pressure on victims, offered at no cost, along with DDoS attacks (L3, L7) as a paid service.

PC vendor Acer, the 6th-largest PC vendor by unit sales in the world, was also targeted by the REvil ransomware gang, which requested the largest ransom to date, asking for $50 million.
