JVCKenwood, a multi-business equipment manufacturer, has been infected with Conti Ransomware. According to reports, servers belonging to a portion of JVCKenwood’s sales companies in Europe were breached on September 22nd. At the time of discovery, it was unknown if customer data had been accessed. A representative at JVCKenwood stated, “Currently, a detailed investigation is being conducted by the specialized agency outside the company in collaboration with the relevant authorities. No customer data leak has been confirmed at this time. The details will be announced on the company website as soon as they become available.” Speculation turned into confirmation when threat actors shared a sample of data that they claim belongs to an employee of JVCKenwood. In a negotiation chat, it was made clear that the group is in possession of around 1.5 TB of data, and they are asking $7 million USD for the decryption key and to not publish the data. No comment has been made again by the JVCKenwood team.
It is important to note some of the mitigation strategies that should be used to avoid becoming a victim of ransomware. These include using two-factor authentication, network segmentation and segregation of functions, as well as updating operating systems and software when updates are available. While these strategies may not stop every attack, they could lessen the impact of ransomware moving forward.