American cookware distributor Meyer Corporation has suffered a ransomware attack that reportedly affected “thousands” of its employees.
The company has said it suffered a ransomware attack on October 25, 2021, with the threat actors deploying the Conti variant against the company’s endpoints.
The news followed an internal investigation that discovered the attackers made away with enough personally identifiable information on Meyer employees to be able to properly steal their identities.
Data pending release
More specifically, they took full names, physical addresses, birthdates, gender and ethnicity information, Social Security numbers, health insurance information and data on employee medical conditions, random drug screening results, Covid vaccination cards, driver’s licenses, passport data, government ID numbers, permanent resident cards, immigration status information, and information on dependents.
While Meyer did not detail which ransomware variant was used in the attack, or how its network got compromised, BleepingComputer found a listing on the Conti extortion site, dated November 7, 2021. On the listing, 2% of the entire database was posted, as proof of the batch’s authenticity.
Given that it’s been almost four months since the data was stolen, the attackers were either paid for the data, lost interest in publishing it, or are still negotiating a deal with Meyer.
Whatever the reason, Meyer Corporation has now informed the U.S. Attorney General offices of the data breach.
The Conti ransomware group has become quite active in recent weeks, thanks possibly to top members of the notorious TrickBot malware family reportedly joining forces with the ransomware syndicate.
We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a £100 Amazon gift card (or equivalent in USD). Thank you for taking part.
What sets Conti apart from other ransomware gangs is that it uses a “trust-based, team-based” model as opposed to working with random affiliates. As a result, the group has been better at evading law enforcement than many of its peers.
Going forward, the Conti ransomware group plans to use TrickBot’s newer product, the BazarBackdoor malware, as it is stealthier and harder to detect. Although BazarBackdoor used to be a part of TrickBot’s larger toolkit, it has since become its own fully autonomous tool security researchers are saying.
Here’s our rundown of the best firewalls right now
Via: BleepingComputer
