conti attacks Snap-on Incorporated

Incident Date:

April 10, 2022

World map



conti attacks Snap-on Incorporated


Snap-on Incorporated




Pregelstraye, Germany

Ennepetal, Germany

First Reported

April 10, 2022

Snap-on Incorporated Suffers Ransomware Attack by Conti Group

Snap-on Incorporated, a high-end tools manufacturer, has been targeted by the notorious Conti ransomware group, which claimed responsibility for the attack on the company's website. The company, which operates in the manufacturing sector, has a significant presence in the automotive, aviation, marine, railroad, and heavy-duty industries.

Company Overview

Snap-on Incorporated is a leading manufacturer and designer of tools, software, and diagnostic services used by the transportation industry. The company operates through various brands, including Mitchell1, Norbar, Blue-Point, Blackhawk, and Williams. Snap-on's data breach notification did not provide much detail about the attack, but it did reveal that personal data belonging to employees was stolen between March 1st and March 3rd, 2022.

Vulnerabilities and Impact

The attack on Snap-on Incorporated highlights the vulnerabilities of companies in the manufacturing sector to cyber threats. The Conti ransomware gang gained access to Snap-on's network through a BazarLoader or TrickBot malware infection, which provided remote access to the hacking group. Once inside, the group spread through the network, stole data, and deployed the ransomware.

The attack resulted in the exposure of personal information, including names, birth dates, Social Security numbers, and employee identification numbers. Snap-on has launched an investigation into the incident and has notified law enforcement of the incursion. The company has also offered a free one-year subscription to the IDX identity theft protection service for those affected.

Conti Ransomware Group

The Conti ransomware group is known for its high-profile attacks on various organizations, including Ireland's Health Service Executive (HSE) and Department of Health (DoH), the City of Tulsa, Broward County Public Schools, and Advantech. The group has suffered its own data breach after siding with Russia over the invasion of Ukraine, leading to the publication of almost 170,000 internal chat conversations between the Conti ransomware gang members and the Conti ransomware source code.

The attack on Snap-on Incorporated serves as a reminder of the ongoing threat of ransomware attacks on companies in the manufacturing sector. It is crucial for organizations to implement robust cybersecurity measures to protect against such threats and to have a plan in place for responding to and recovering from an attack.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.