Conti attacks iTCo Solutions Ltd

Incident Date: February 13, 2022

Overview

Title: Conti attacks iTCo Solutions Ltd
Victim: iTCo Solutions Ltd
Attacker: Conti
Location: Hinemoa, New Zealand; Rotorua, New Zealand
First Reported: February 13, 2022

ITCO Solutions Ltd Ransomware Attack

Overview of the Incident

ITCO Solutions Ltd, a New Zealand-based software solutions provider, recently fell victim to a ransomware attack orchestrated by the Conti group. This incident was disclosed on the group's dark web leak site. ITCO Solutions, with its headquarters in Rotorua, New Zealand, employs a team of 25 and offers a range of services including cloud-based business software, Microsoft product subscriptions, and comprehensive IT support. The company caters to businesses throughout New Zealand, aiming to streamline computing costs, inventory management, financial operations, and point of sale systems.

Technical Vulnerabilities Exploited

The specific vulnerabilities that facilitated this attack have not been detailed. Nonetheless, it is widely recognized that ransomware attacks frequently leverage weaknesses such as outdated software, unpatched systems, and insufficient password security. In the case of ITCO Solutions, the company's use of legacy operating systems, including Windows 7 for computers and Windows Server 2008 & 2012 for servers, likely played a role in the breach.

Conti Ransomware Group's Modus Operandi

The Conti ransomware group, notorious for its attacks on diverse sectors such as healthcare, manufacturing, and government agencies, demands ransom in exchange for decryption keys. Additionally, the group threatens to release stolen data publicly if its demands are not met. This attack on ITCO Solutions Ltd underscores the persistent threat posed by ransomware: 71% of organizations globally experienced at least one attack in 2022. The average total cost of these attacks has soared to $4.3 million, with many ransomware variants now engaging in double-extortion tactics by exfiltrating data prior to encryption.

Preventative Measures and Recommendations

The National Cyber Security Centre (NCSC) offers comprehensive guidance on mitigating the risks of malware and ransomware attacks. Key recommendations include regular software updates, user education on potential threats, and the development of robust incident response plans. These measures are critical in safeguarding against the evolving tactics of ransomware groups.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors' overarching, lucrative success so far, ransomware attacks have become the most ubiquitous cyber threat to businesses and organizations today, and the most impactful financially and informationally.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.