Delta Electronics, an Apple and Tesla contractor from Taiwan, divulged that it had fallen victim to a cyber attack. The attack took place on January 21, and according to a statement shared by the company, the attack was detected right away.
It is certain that the Conti ransomware gang is responsible for this security breach, but Delta Electronics claims that only non-critical systems have been affected by this incident. Still, over 1,500 Delta servers and almost 20% of Delta’s computers were encrypted by the Conti gang.
Some speculate that the Conti operation is linked to a Russian cybercrime group known as Wizard Spider. This group of cybercriminals is based in Saint Petersburg, but some group members are currently in Ukraine.
To make the situation worse, this is not Conti’s first ransomware attack. This cybercrime group has breached other high-profile organisations in the past, such as Ireland’s Department of Health and RR Donnelley. Moreover, the FBI linked at least 16 ransomware attacks targeting US healthcare to Conti in 2021, which is concerning as the group was established in 2019.
After the data breach happened, Conti demanded a $15 million ransom payment in return for a decryptor, to which Delta replied by entering into negotiations on a possible settlement. Conti offered a discount for a quick payment, and if they manage to find common ground, Conti is also expected not to leak any stolen data.
Delta is now trying to restore the systems taken down by the attackers, and it says it hired security experts to help resolve this issue. Additionally, Taiwanese law enforcement agencies are contributing to the investigation and recovery process.
While Delta continues working with Trend and Microsoft’s security teams, its website is still down. Luckily, Delta Electronics customers can use an alternative domain until the company brings its official website back online.
When asked about the attack, this is what Vitali Kremez, the CEO of AdvIntel, told Bleeping Computer:
“The Conti ransomware group revealed a specific pattern part of the Delta attack leveraging Cobalt Strike with Atera for persistence as revealed by our platform adversarial visibility. Certainly, this attack is reminiscent of the REvil Quanta one affecting one of the Apple suppliers.”
For now, Delta will continue negotiations with this cybercrime group. Unfortunately, the company’s spokesperson didn’t share any new information about the case. But, they’ll hopefully manage to deal with this attack adequately and prevent similar incidents in the future.