SAC Wireless revealed an extensive data breach following the Conti Ransomware attack that compromised a significant number of customers and employees...
SAC Wireless, an American subsidiary of Nokia, recently disclosed an extensive data breach following a Conti Ransomware attack that enabled the threat actors to successfully breach its network, encrypt systems, and steal data.
The Nokia subsidiary operates in Chicago, Illinois, and works for telecom carriers, original equipment manufacturers (OEMs), and influential tower owners.
Conti Ransomware is a private Ransomware-as-a-Service (RaaS) operation allegedly operated by a Russian cybercrime group called Wizard Spider.
### Conti Ransomware Gang Encrypted Systems:
On the 16th of June, the company detected the data breach and identified the threat actors as the operators behind the Conti Ransomware. The attackers deployed payloads and encrypted SAC Wireless systems.
According to the company, it determined on the 13th of August, after a forensic inquiry conducted in collaboration with third-party security experts, that the breach compromised personal information concerning several current and former employees.
In the notification letters sent to impacted individuals, SAC mentioned that "The threat actor, Conti, gained access to the SAC systems, uploaded files to its cloud storage, and then, on the 16th of June, deployed ransomware to encrypt the files on SAC systems."
After a thorough analysis, the company concluded that the compromised data included names, contact information, social security numbers, government ID numbers, and medical records and history.
To respond to the Conti Ransomware gang, SAC undertook several measures to restrict further breaches, such as changing firewall protocols, disabling all VPN connections, introducing additional employee training, and expanding multi-factor authentication, to name a few.
A spokesperson from the company refused to comment on anything related to the incident beyond stating that "SAC is aware of an incident, and we are currently investigating the matter. As we continue to assess the incident, we are in contact with relevant parties to recommend appropriate safeguards and precautions to all customers and employees."
### 250 GB of Files Compromised:
The Conti Ransomware Gang revealed the breach on their underground leak portal and claimed to have stolen 250 GB of files. The threat group threatened to leak the stolen files on the internet if Nokia refused to pay the ransom.
The gang has been highly active since last year and has attacked several significant targets. In May, the FBI announced that Conti operators attempted to breach the networks of more than a dozen US healthcare institutions.
Earlier this month, an unsatisfied Conti affiliate leaked the group's attack playbook and technical manuals about deploying Cobalt Strike.