conti attacks TIG
Incident Date:
March 18, 2022
Overview
Title
conti attacks TIG
Victim
TIG
Attacker
Conti
Location
First Reported
March 18, 2022
Gesswein Manufacturing Company Suffers Ransomware Attack
Gesswein, a family-owned and operated company in the manufacturing sector, has been targeted by the ransomware group Conti. The attack was announced on the group's dark web leak site. The company, which has been in operation for over 100 years, specializes in mold polishing and offers a comprehensive product line of over 15,000 innovative tools and equipment.
Company Size and Industry Standout
Gesswein is a mid-sized business with reported revenues of up to $50 million, making it a common target for ransomware attacks. In the manufacturing sector, the company stands out for its extensive product line and long-standing industry expertise.
Vulnerabilities and Attack Vectors
The attack on Gesswein highlights the importance of addressing vulnerabilities in software and applications used by the business. According to a 2022 Unit 42 Incident Response Report, 48% of ransomware cases began with software vulnerabilities. In 2023, threat actors increasingly exploited unknown and day-one vulnerabilities in their attacks, with some ransomware operators focusing solely on stealing sensitive data and extorting victims by threatening to sell or leak the data.
The attack on Gesswein underscores the need for organizations to prioritize patching of newly disclosed vulnerabilities and to understand the adversary, threat surfaces, techniques used, and the products, processes, and people required to stop a modern ransomware attack.
Sources
- Ransomware Fact Sheet - Internet Crime Complaint Center (IC3) https://www.ic3.gov/Media/Y2019/PSA191002
- What Are Ransomware Attacks? - Palo Alto Networks https://www.paloaltonetworks.com/cyberpedia/what-is-ransomware
- Ransomware Victims Surge as Threat Actors Pivot to Zero-Day Exploits - DarkReading https://www.darkreading.com/attacks-breaches/ransomware-victims-surge-as-threat-actors-pivot-to-zero-day-exploits
- Unpatched Vulnerabilities: The Most Brutal Ransomware Attack Vector - Sophos News https://news.sophos.com/en-us/2020/01/28/unpatched-vulnerabilities-the-most-brutal-ransomware-attack-vector/
- What is Ransomware | Attack Types, Protection & Removal | Imperva https://www.imperva.com/learn/application-security/ransomware-attack/
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.