Conti Ransomware gang targeted Wisconsin-based Snap-on Tools in mid-march this year, stealing 1GB files filled with sensitive data. When the victim failed to pay the ransom, they started threatening to leak the data on their website, which could lead to more trouble for the Kenosha-based company.
Snap-On did not acknowledge the incident as a ransomware genre but did agree that unusual activity was discovered on some of its computer systems compromising personal data related to the staff.
The accessed data by the Conti Ransomware gang includes social security numbers, names, Dobs, and employee identification-related material of snap-on franchisees and associates.
Interestingly, the leaked data started appearing on the Conti website at the end of March this year. However, in the past two days, the stolen information display has been pulled down from the website, suggesting a ransom payment after negotiations.
Meanwhile, information is out that the same ransomware spreading gang also targeted TrustFord UK early this month, partially affecting certain IT services of the used car dealer of Ford Motor Company.
Information Commissioner’s Office (ICO) has launched an investigation into the incident and has asked TrustFord to approach a security firm to access the effect of the cyber attack on the internal IT systems.
TrustFord websites across the UK are open and the trading of cars is going on in full swing.
ICO stated it was notified about the incident by Ford Retail, which also assured that no customer data was compromised in the incident.
NOTE- Google’s Threat Analysis Group (TAG) believes that malware access broker “Exotic Lilly” has acted as a mediator to ransomware gangs like Conti and REVIL and is seen selling access to them for money. Exotic Lilly is a hackers group, possibly linked to the Russian hacking gang Wizard Spider and gets access to the corporate network by launching phishing email campaigns. After obtaining access to different company networks, it puts access to those companies on sale. And from here, the ransomware gangs buy the data, to launch more file-encrypting malware attacks.