conti attacks NWS

Incident Date:

February 11, 2022

World map

Overview

Title

conti attacks NWS

Victim

NWS

Attacker

Conti

Location

Central, China

Hongkong, China

First Reported

February 11, 2022

New World Development Company Limited (NWD) Ransomware Attack

Company Overview

NWD is a leading property developer in Hong Kong, with a diverse portfolio of residential, commercial, and retail properties. The company has been involved in various projects, including the development of the Kai Tak Cruise Terminal and the redevelopment of the former Kai Tak Airport site.

Vulnerabilities and Targeting

The specific vulnerabilities that led to the successful attack on NWD are not publicly disclosed. However, ransomware groups often exploit weaknesses in Remote Desktop Protocol (RDP) for brute-forcing and seek out compromised credentials from criminal forums/marketplaces. Additionally, Snatch threat actors have been observed spending up to three months on a victim's system, exploiting the network and attempting to disable antivirus software.

Industry Impact

The ransomware attack on NWD highlights the growing threat of cybercrime in the Holding Companies & Conglomerates sector. As businesses increasingly rely on digital systems and networks, they become more vulnerable to cyber attacks, which can result in costly disruptions and the loss of critical information and data.

Mitigation and Response

The U.S. Department of Justice and the U.K. National Crime Agency have disrupted LockBit, a ransomware variant similar to Conti, by seizing public-facing websites and developing decryption capabilities. However, the specific response to the NWD attack is not publicly available.

The ransomware attack on New World Development Company Limited underscores the importance of robust cybersecurity measures for businesses in all sectors. As the threat landscape evolves, it is crucial for organizations to prioritize their cybersecurity and work with law enforcement to report and respond to attacks promptly.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.