Kitchenware company Meyer Corp. US recently reported that it suffered a breach targeting a wide array of data such as name, address, ethnicity, date of birth, gender, immigration status and more. Though Meyer did not disclose what form of ransomware was used, the Conti ransomware gang has taken credit for the attack.
The FBI and DHS have issued warnings about Conti in the past year as it has been the culprit behind several attacks on organizations such as Ireland’s health service, Tesla, Apple and hospitals in Texas and Florida.
Ransomware experts from Laminar and Cyber Security Works weighed in on this latest attack from Conti:
Amit Shaked, CEO, Laminar
“Data is no longer a commodity, it’s a currency — as this incident represents. Information within an organization’s network is valuable to both businesses and attackers. This incident also reminds us that with a majority of the world’s data residing in the cloud, it is imperative that security becomes data-centric and solutions become cloud-native. Solutions need to be completely integrated with the cloud in order to identify potential risks and have a deeper understanding of where the data reside. Using the dual approach of visibility and protection, data protection teams can know for certain which data stores are valuable targets and ensure proper controls, which allows for quicker discovery of any data leakage.”
Aaron Sandeen, CEO and co-founder, Cyber Security Works
“Conti ransomware is a ransomware-as-a-service (RaaS) operation believed to be controlled by the Russia-based cybercrime group called Wizard Spider. Its prolific track record continues into 2022, with multiple attacks being reported on the likes of a marketing giant, a nationalized bank, an electronics manufacturing firm and now a kitchenware manufacturer.
After the discovery of the critical Log4Shell vulnerability in the Apache framework in December 2021, threat actors, including Conti, began exploiting the new vulnerability, as organizations scurried to fix their unpatched systems. Conti also became the first ransomware group to have a complete exploit chain for the Log4J vulnerability, thereby raising concerns worldwide about a spate of supply-chain Conti attacks leveraging the critical Apache bug.
To get ahead of RaaS operations like Conti, we recommend adopting a risk-based approach. Ideally, organizations should seek out near real-time vulnerability platforms that can centralize threat data and identify, investigate and rank vulnerabilities based on weaponization – a more effective approach than waiting for reports to be formalized, interpreted and delegated.”