
    Nokia subsidiary discloses data breach after Conti ransomware attack


    Image: Kabiur Rahman Riyad

    SAC Wireless, a US-based Nokia subsidiary, has disclosed a data breach following a ransomware attack in which Conti operators were able to successfully breach its network, steal data, and encrypt systems.

    The wholly-owned and independently-operating Nokia company, headquartered in Chicago, IL, works with telecom carriers, major tower owners, and original equipment manufacturers (OEMs) across the US.

    SAC Wireless helps customers design, build and upgrade cellular networks, including 5G, 4G LTE, small cell and FirstNet.

    Attack detected after Conti ransomware encrypted systems

    The company discovered that its network had been breached by Conti ransomware operators on June 16, only after they had deployed their payloads and encrypted SAC Wireless systems.

    The Nokia subsidiary found on August 13, following a forensic investigation conducted with the help of external cyber security experts, that personal information belonging to current and former employees (and their health plans' dependents or beneficiaries) was also stolen during the ransomware attack.

    "The threat actor, Conti, gained access to the SAC systems, uploaded data to its cloud storage, and then, on June 16, deployed ransomware to encrypt the data on SAC systems," SAC says in data breach notification letters sent to an undisclosed number of impacted individuals.

    After completing the forensic investigation, the company believes that the stolen files contain the following categories of personal data: name, date of birth, contact information (such as home address, email, and phone), government ID numbers (such as driver's license, passport, or military ID), social security number, citizenship status, work information (such as title, salary, and evaluations), medical history, health insurance information, license plate numbers, digital signatures, certificates of marriage or birth, tax return information, and dependent/beneficiary names.

    In response to the ransomware attack, SAC has taken several measures to prevent future breaches, including:

    • changed firewall rules,
    • disconnected VPN connections,
    • activated conditional access geo-location policies to limit non-U.S. access,
    • provided additional employee training,
    • deployed additional network and endpoint monitoring tools,
    • expanded multi-factor authentication,
    • and deployed additional threat-hunting and endpoint detection and response tools.
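    The geo-location and multi-factor controls in the list above, as an added example that is not SAC Wireless's or Nokia's code: a small Python policy evaluator that runs constructed sign-in log lines through a U.S.-only geo-location rule and a second-factor requirement, in the order a conditional access engine would apply them (deny on location first, then step up to MFA, then allow). The IP-to-country table (built on RFC 5737 documentation prefixes), the log line format and the user names are all constructed for the example and stand in for a real GeoIP database and an identity provider's sign-in log.

```python
"""Evaluate constructed sign-in events against a conditional-access style policy.

Added example, not SAC Wireless's or Nokia's code. The GEO_PREFIXES table,
the log format and the sample events are assumptions made for this example.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed stand-in for a GeoIP database: RFC 5737 documentation prefixes
# mapped to ISO country codes (assumption made for the example only).
GEO_PREFIXES = {
    ipaddress.ip_network("203.0.113.0/24"): "US",
    ipaddress.ip_network("192.0.2.0/24"): "US",
    ipaddress.ip_network("198.51.100.0/24"): "DE",
}

# Geo-location policy: only sources geolocated to these countries may proceed.
ALLOWED_COUNTRIES = frozenset({"US"})


@dataclass(frozen=True)
class SignIn:
    timestamp: str
    user: str
    src_ip: str
    mfa: bool
    app: str


def country_for(ip: str) -> Optional[str]:
    """Return the ISO country code for an address, or None if it is unmapped."""
    addr = ipaddress.ip_address(ip)
    for net, country in GEO_PREFIXES.items():
        if addr in net:
            return country
    return None


def parse_line(line: str) -> SignIn:
    """Parse one '<timestamp> key=value ...' log line (constructed format)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return SignIn(ts, kv["user"], kv["ip"], kv["mfa"] == "true", kv["app"])


def evaluate(event: SignIn) -> Tuple[str, str]:
    """Apply the policy: block on location first, then require MFA, then allow.

    An address the GeoIP table cannot place is treated as non-U.S. (fail closed).
    """
    country = country_for(event.src_ip)
    if country is None:
        return "block", "source address not geolocated"
    if country not in ALLOWED_COUNTRIES:
        return "block", f"source country {country} not permitted"
    if not event.mfa:
        return "require_mfa", "session lacks a second factor"
    return "allow", "policy satisfied"


def evaluate_log(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (user, decision, reason) for every log line."""
    results = []
    for line in lines:
        ev = parse_line(line)
        decision, reason = evaluate(ev)
        results.append((ev.user, decision, reason))
    return results


# Constructed sample sign-in log: one allowed U.S. VPN login, one from a German
# prefix, one U.S. login without MFA, and one from an address the table lacks.
SAMPLE_LOG = [
    "2021-06-15T02:11:09Z user=alice ip=203.0.113.7 mfa=true app=vpn",
    "2021-06-15T02:14:51Z user=bob ip=198.51.100.23 mfa=true app=vpn",
    "2021-06-15T02:20:03Z user=carol ip=192.0.2.44 mfa=false app=mail",
    "2021-06-15T02:25:40Z user=dave ip=100.64.0.9 mfa=true app=vpn",
]

if __name__ == "__main__":
    for user, decision, reason in evaluate_log(SAMPLE_LOG):
        print(f"{user:6} {decision:12} {reason}")
```

    The evaluation order is the design point: an unmapped or non-U.S. source is refused before the MFA state is even consulted, so a stolen password plus a stolen second factor still fails from outside the permitted region, and an unmapped address fails closed rather than open.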

    BleepingComputer reached out to SAC Wireless for more information on the attack two weeks ago, on August 12, but a spokesperson refused to confirm that it involved ransomware or provide further details.

    "SAC is aware of an incident, and we are currently investigating the matter," the spokesperson said. "As we continue to assess the incident, we are in contact with relevant parties to recommend that appropriate safeguards and precautions may be taken."

    Conti claims to have stolen 250GB of data

    While the company refused to acknowledge the ransomware attack and did not provide more information on the extent of the damage, the Conti ransomware gang revealed on their leak site that they stole over 250 GB of data.

    According to a recent update, the ransomware group will soon leak all of the stolen data online if the Nokia subsidiary does not pay the ransom they demanded.

    Conti ransomware is a private Ransomware-as-a-Service (RaaS) operation likely controlled by a Russian-based cybercrime group known as Wizard Spider.

    Conti shares some of its code with the notorious Ryuk Ransomware, whose TrickBot distribution channels they started using after Ryuk decreased activity around July 2020.

    The gang has recently breached Ireland's Health Service Executive (HSE) and Department of Health (DoH), asking the former to pay a $20 million ransom after encrypting its systems.

    The FBI also warned in May that Conti operators have tried to breach the networks of more than a dozen US healthcare and first responder organizations.

    Earlier this month, a disgruntled affiliate leaked the gang's training material, including information about one of its operators, a manual on deploying Cobalt Strike and mimikatz, as well as numerous help documents allegedly provided to affiliates when performing Conti attacks.
