JVCKenwood, a Japan-based multinational electronics company, has been hit by the Conti ransomware. It claims to have stolen 1.7 TB of data and is seeking a $7 million payment.
In a press release yesterday, JVCKenwood said that servers belonging to its European sales firms were hacked on September 22nd, and threat actors may have gained access to data.
“JVCKENWOOD detected unauthorized access on September 22, 2021 to the servers operated by some of the JVCKENWOOD Group’s sales companies in Europe. It was found that there was a possibility of information leak by the third party who made the unauthorized access,” the company’s alert reads.
A professional cybersecurity agency is currently conducting a thorough investigation outside the firm in conjunction with the appropriate authorities. At this moment, there has been no proof of a consumer data breach. As soon as the facts are ready, they will be posted on the company’s website.
A ransom letter for a CONTI ransomware sample used in the attack on JVCKenwood was provided today to BleepingComputer by a source.
The ransomware group claims to have stolen 1.5 TB of files in a negotiating conversation and is seeking $7 million in exchange for not publishing the data and providing a file decryptor.
As proof of theft, the threat actors uploaded a PDF file that seems to be a scanned passport for a JVCKenwood employee.
Since presenting proof of data theft, the JVCKenwood representative has not approached again, indicating that the company is unlikely to pay a ransom.
Conti is a ransomware family and believed to be controlled by the TrickBot threat actor gang. It is frequently installed after networks have been hacked by the TrickBot, BazarBackdoor, and Anchor trojans.
Over the years, the ransomware gang has been responsible for many high-profile attacks, including those against the City of Tulsa, Ireland’s Health Service Executive (HSE), Advantech, and several healthcare institutions.