OmniTRAX Affected by Conti Ransomware

Conti ransomware has struck again, this time affecting OmniTRAX, the Denver-based short line rail operator and logistics provider owned by the Broe Group. The attack on the Broe Group is suspected to have taken place shortly before Christmas; the company decided not to pay the ransom demand. As a result, the threat actors leaked a portion of the stolen data. The leaked preview was around 70GB and included crucial internal OmniTRAX documents. While having private company data shared publicly is potentially harmful to the company’s reputation, it appears that none of the company’s rail operations will be affected.

Analyst Notes

To protect against ransomware, do not open suspicious emails from unknown senders. If a suspicious email contains links or file attachments, treat it with even more care and report it to the corporate IT or security team for examination. Before downloading any file to a device, especially on a corporate network, make sure it comes from a verified source, and do not click "Enable Editing" or "Enable Content" in any Office file such as a Word or Excel document, because doing so can allow malicious macros to run and infect the computer. Protect all remote access to systems with strong passwords and Multi-Factor Authentication (MFA). Keeping anti-virus protections up to date is helpful, but not sufficient to protect against targeted or emerging threats. To fully protect corporate servers and workstations, a Security Operations Center (SOC) must monitor endpoints for unusual activity 24/7 and investigate suspicious events so that attackers can be stopped before they gain control over systems.