JVCKenwood Suffers Ransomware Attack
Conti Ransomware Gang Claims to Have Stolen 1.5TB Data from JVCKenwood During the Attack.
This week, ransomware threat actors claimed a new victim. The Japan-based organization JVCKenwood has recently revealed it suffered a ransomware attack conducted by the Conti ransomware group.
What Data Was Stolen in the JVCKenwood Ransomware Attack?
Conti allegedly accessed and stole almost 2TB of information belonging to JVCKenwood. The company found out that the exfiltrated data included employee personal information when the attackers sent it to JVCKenwood as evidence.
The Conti gang also claims to have stolen information on JVCKenwood customers and suppliers.
The ransomware attackers asked for a ransom of $7M in exchange for not publishing the stolen information and for providing a decryptor.
JVCKenwood Corporation is a Japanese multinational electronics company headquartered in Yokohama, Japan, that focuses on, among other things, car and home electronics and wireless systems for the worldwide consumer electronics market.
In an official announcement, the Japanese company stated that it noticed unauthorized access to servers located in Europe on 22 September 2021, adding that data might have been accessed during the incident.
JVCKENWOOD detected unauthorized access on September 22, 2021, to the servers operated by some of the JVCKENWOOD Group’s sales companies in Europe. It was found that there was a possibility of information leak by the third party who made the unauthorized access.
Currently, a detailed investigation is being conducted by the specialized agency outside the company in collaboration with the relevant authorities. No customer data leak has been confirmed at this time. The details will be announced on the company website as soon as they become available.
Will They Pay the Ransom?
According to BleepingComputer, yesterday, a source shared a ransom note for a Conti ransomware sample used in the attack against JVCKenwood.
As we said before, the attackers sent the company a scanned passport belonging to one of its employees as proof of the attack.
However, since then, discussions between the hackers and their victim seem to have stalled, which suggests that JVCKenwood will probably decline to pay the requested ransom.
Conti is one of the most dangerous ransomware gangs in today’s cybersecurity landscape. The group was first noticed in May 2020 and has undergone rapid development since then. It is known for the speed at which it encrypts and deploys across a target system.
As mentioned by my colleague, the ransomware group infects machines via BazarLoader, Bazarcall, and TrickBot and then drops a cocktail of other malware into the compromised network in order to move laterally.
Last week, a joint report from the FBI, CISA, and NSA warned that Conti ransomware attacks are on the rise.
What Are the Predictions When It Comes to Ransomware?
The most important cybersecurity trends that I expect to see in 2022 are: a massive increase in supply chain attacks (ransomware especially), potentially through globally reaching supply chains like Microsoft Update, huge remote work challenges, data protection and authentication transformations, machine learning and AI favoring the evolution towards prevention instead of mitigation, an increased necessity for real-time data visibility, extended detection and response and unified endpoint management, as well as a long-awaited increase in user awareness.
In the fight against ransomware, Heimdal™ Security offers its customers an outstanding Ransomware Encryption Protection module that is universally compatible with any antivirus solution and is 100% signature-free, ensuring superior detection and remediation of any type of ransomware, whether fileless or file-based (including the most recent ones like LockFile).