Infamous Conti Ransomware Gang Strikes Snap-On Tools | #malware | #ransomware | #education | #technology | #infosec

The Conti ransomware gang has struck again. Last month the hackers added a new victim to its data leak website: Kenosha, Wisconsin-based Snap-On Tools. In mid-March Conti posted just under 1Gb of files allegedly stolen during a breach of Snap-On’s network.

While Snap-on has not officially confirmed the source, the company has drafted a bread notification. Snap-On revealed informed those affected that the breach took place between March 1 and March 3. The notice states that “unusual activity” was discovered “in some areas of [Snap-On’s] computer systems environment.”

Snap-On took the impacted systems offline and “launched a comprehensive analysis of the incident.” The company determined that the attackers accessed and downloaded “some personal data relating to our Snap-on people.”

That personal data likely included names, social security numbers, dates of birth and employee identification numbers of Snap-On associates and franchisees.

It’s a portion of that data that the Conti gang posted on its leaks site. That data has since been removed as Bleeping Computer notes. There aren’t many reasons that a ransomware crew like Conti would remove a victim’s information.

Typically if a victim’s data disappears from such a leak site it’s because they agreed to pay the ransom and not because the hackers had a sudden change of heart. Snap-On has not yet officially confirmed whether a ransom was paid or if ransomware was even the source of the reported breach.

Turbulent Times For The Conti Gang

Conti is widely considered to be one of the most ruthless ransomware crews around. While some hackers refuse to attack schools, healthcare providers or critical infrastructure, Conti’s only real concern is that its targets can pay the ransom.

With a heavy Russian contingent, Conti also tends to stay away from targets within Russia’s borders.

Recent events in Ukraine caused a rift in the Conti gang and ultimately led to a former member leaking private chats. A few weeks later, source code for the Conti ransomware was leaked as well.

That leak also exposed the gang’s primary Bitcoin wallet address. To date, that wallet has received over 65,000 BTC in payments. At current exchange rates, that’s about $2.7 billion.

While the leaks have led to a deeper understanding of how the Conti gang operates, they don’t seem at all deterred. In addition to the claimed attack on Snap-On, Conti also struck industrial components giant Parker Hannefin recently.