4 October 2021

Conti ransomware gang hits JVCKenwood, demands $7M ransom


JVCKenwood, a Japanese multinational electronics company, has been hit by a Conti ransomware attack, with hackers claiming to have stolen 1.7 TB of the company’s data.

In a brief press release on its website, JVCKenwood revealed that on September 22, 2021 it detected unauthorized access to servers operated by some of the JVCKenwood Group’s sales companies in Europe and that “there was a possibility of information leak by the third party who made the unauthorized access.”

“Currently, a detailed investigation is being conducted by the specialized agency outside the company in collaboration with the relevant authorities. No customer data leak has been confirmed at this time. The details will be announced on the company website as soon as they become available,” the company said.

While JVCKenwood did not share any information on the nature of the cyberattack, a ransomware note provided to Bleeping Computer by a source indicates that the Conti ransomware gang was behind the intrusion.

In a negotiation chat, the group claimed to have stolen nearly 2 TB of data and demanded a $7 million ransom for a file decryptor.

After details of their ransom negotiations leaked to reporters and subsequently online, the Conti ransomware gang published a statement announcing that from now on, they will publish files stolen from compromised companies if details or screenshots of the ransom negotiations process are leaked to journalists, according to The Record.

“For instance, yesterday, we have found that our chat with JVCKenwood whom we hit a week ago got reported to the journalists. Despite what is said in the article, the negotiations were going in accordance with a normal business operation. However, since the publication happened in the middle of negotiations it resulted in our decision to terminate the negotiations and publish the data. JVCKenwood has been already informed. Moreover, this week we have once again spotted screenshots from our negotiation chats circulating over social media,” the gang said in a statement on their leak website.

Following this, the gang said it would take action against companies and researchers who leak screenshots of its ransom negotiations chats to reporters:

1. If we see a clear indication of our negotiations being sent to the media we will terminate the negotiations and dump all the files on our blog. We are the best team and you can google what estimated revenue we have. This became possible only due to our outstanding reputation. Thus, if we need to sacrifice another 10 mln to cut the negotiations but protect our name; don’t doubt – we will do so.

2. If we see our chats in public we will also dump your files. If this happens after the ransom is already paid by the target who shared our chats, we will dump somebody else’s files as retaliation. We will not care if you directly shared our chats with the media/researchers or if they extracted it from VirusTotal after you uploaded our samples there. Since, the security firms who share chats via their pocket journalists have no concept responsibility, therefore, we will assign responsibility to the target who is in the chat. We are not advocating collective responsibility via collective punishment, but if this is the only option we will do so.
