Conti attacks NWS
Incident Date: February 11, 2022
Overview
Title: Conti attacks NWS
Victim: NWS
Attacker: Conti
Location:
First Reported: February 11, 2022
New World Development Company Limited (NWD) Ransomware Attack
Company Overview
NWD is a leading property developer in Hong Kong, with a diverse portfolio of residential, commercial, and retail properties. The company has been involved in various projects, including the development of the Kai Tak Cruise Terminal and the redevelopment of the former Kai Tak Airport site.
Vulnerabilities and Targeting
The specific vulnerabilities that led to the successful attack on NWD have not been publicly disclosed. However, ransomware groups often brute-force weakly protected Remote Desktop Protocol (RDP) services and seek out compromised credentials on criminal forums and marketplaces. Additionally, operators of Snatch, a separate ransomware group covered in a CISA advisory, have been observed spending up to three months on a victim's system, exploiting the network and attempting to disable antivirus software.
Industry Impact
The ransomware attack on NWD highlights the growing threat of cybercrime in the Holding Companies & Conglomerates sector. As businesses increasingly rely on digital systems and networks, they become more vulnerable to cyber attacks, which can result in costly disruptions and the loss of critical information and data.
Mitigation and Response
The U.S. Department of Justice and the U.K. National Crime Agency have disrupted LockBit, a ransomware variant similar to Conti, by seizing public-facing websites and developing decryption capabilities. However, the specific response to the NWD attack is not publicly available.
The ransomware attack on New World Development Company Limited underscores the importance of robust cybersecurity measures for businesses in all sectors. As the threat landscape evolves, it is crucial for organizations to prioritize their cybersecurity and work with law enforcement to report and respond to attacks promptly.
Sources
- New World Development Company Limited. (n.d.). Home. Retrieved April 10, 2024, from https://www.nwd.com.hk/
- U.S. Department of Justice. (2024, February 20). U.S. and U.K. Disrupt LockBit Ransomware Variant. Retrieved April 10, 2024, from https://www.justice.gov/opa/pr/us-and-uk-disrupt-lockbit-ransomware-variant
- CISA. (2023, September 20). Snatch Ransomware. Retrieved April 10, 2024, from https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-263a
- Reuters. (2023, December 19). US officials seize extortion websites; ransomware hackers vow more attacks. Retrieved April 10, 2024, from https://www.reuters.com/technology/cybersecurity/us-officials-say-they-are-helping-victims-blackcat-ransomware-gang-2023-12-19/
- FBI. (n.d.). Ransomware. Retrieved April 10, 2024, from https://www.fbi.gov/how-we-can-help-you/scams-and-safety/common-scams-and-crimes/ransomware
- U.S. Government. (2021, July 15). U.S. Government Launches First One-Stop Ransomware Resource at StopRansomware.gov. Retrieved April 10, 2024, from https://www.justice.gov/opa/pr/us-government-launches-first-one-stop-ransomware-resource-stopransomwaregov