Conti Makes a New Victim: GSS Ransomware Attack Affecting Major European Call Center Provider
Systems Were Taken Down and a Restoration Is in Progress.
A GSS ransomware attack affected the European call center provider as it made its IT systems freeze and database cripple.
What Services Were Impacted?
According to theRecord. publication, the impacted services were:
- Vodafone Spain;
- MasMovil ISP;
- the company that manages water supply in Madrid;
- private businesses;
- television stations.
GSS sent a notification letter to its customers informing them on the topic and also on the taken measures.
Therefore, the impacted systems were taken down and now they are using Google-based systems. The company did not provide a date when the finalization of the recovery is expected.
None of the applications will be working until the incident is resolved.
Conti Ransomware Behind the GSS Ransomware Attack
GSS is Covisian’s Spanish and Latin America division, counting among the biggest providers in call center services in Europe. A company’s spokesperson told the same publication mentioned above that the ones behind Conti ransomware conducted the attack on the 18th of September. Normally in Conti operations, data leakage is a common method. However, the spokesperson asserted the no data leakage happened and customers are not impacted.
The attack impacted only the GSS network, not the other services Covisian provides in other European states.
Conti ransomware is famous on the scene of recent ransomware attacks and it works as a private ransomware-as-a-service that basically means that affiliates perform ransomware attacks with existing ransomware tools and earn a percentage of the ransom. Some recent malicious operations include the exploitation of ProxyShell vulnerabilities early this month with the goal of compromising Microsoft Exchange Servers.
What Is Ransomware?
Ransomware stands for malware that encrypts files, then cybercriminals behind it ask for a ransom from the organizations in exchange for the decryption key. Now it has more sophisticated techniques engaging in data exfiltration first to allow for double extortion later, letting hackers eventually threaten with the release of the data too, not only blocking access to information by encryption.
Spain’s National Institute of Cyber-Security, INCIBE has not come with any comments on the matter.
Covisian also declared about the topic:
The cyberattack, from a data protection point of view, has not affected any of our clients to date. As a preventive measure against the cyberattack and in order to guarantee data protection, the services that could be affected were interrupted. From last Saturday to today, there is no evidence of leakage of any personal data. From GSS we hope to restore interrupted services as soon as possible, as long as their security is guaranteed.