A leading French electronics manufacturing services (EMS) company has been hit by a cyberattack. The attack operators, the notorious REvil ransomware gang, also known as Sodin and Sodinokibi, are demanding a $24 million ransom for the stolen data. However, it is unclear if the attackers managed to encrypt the data.
The French EMS company Asteelflash has become the latest victim of the REvil ransomware gang.
The company is yet to publicly confirm the attack. However, BleepingComputer found a sample of the REvil ransomware that allowed access to a Tor page showing negotiations between the company and REvil regarding the cyberattack and ransom. According to the page, the REvil ransomware group initially demanded a $12 million ransom, but after the ransom deadline passed, they doubled the ransom to $24 million.
In a brief conversation between the REvil threat actors and Asteelflash shown on the Tor payment site, the threat actors shared a file named ‘asteelflash_data_part1.7z’ that proves the files had indeed been stolen during the attack. Metadata of some of the shared files further confirms that they belong to Asteelflash.
It is not known whether the company is willing to pay the ransom.
In reply to multiple requests, an Asteelflash representative told LeMagIT, a French cybersecurity news portal that first shared the news about the incident, only that “the incident was being evaluated.”
Neither BleepingComputer nor LeMagIT confirmed whether the attack was successful in encrypting files on Asteelflash’s systems.
Asteelflash is a leading French electronics manufacturing services (EMS) company specializing in design, engineering, and printing of printed circuit boards. Asteelflash focuses on technologically advanced markets and offers printed circuit board assembly (PCBA), box-build assembly, full product assembly, conformal coating and surface treatment, testing, and fulfillment.