conti attacks TIG

Incident Date:

March 18, 2022

World map



conti attacks TIG






Bridgeport, USA

Connecticut, USA

First Reported

March 18, 2022

Gesswein Manufacturing Company Suffers Ransomware Attack

Gesswein, a family-owned and operated company in the manufacturing sector, has been targeted by the ransomware group Conti. The attack was announced on the group's dark web leak site. The company, which has been in operation for over 100 years, specializes in mold polishing and offers a comprehensive product line of over 15,000 innovative tools and equipment.

Company Size and Industry Standout

Gesswein is a mid-sized business with reported revenues of up to $50 million, making it a common target for ransomware attacks. In the manufacturing sector, the company stands out for its extensive product line and long-standing industry expertise.

Vulnerabilities and Attack Vectors

The attack on Gesswein highlights the importance of addressing vulnerabilities in software and applications used by the business. According to a 2022 Unit 42 Incident Response Report, 48% of ransomware cases began with software vulnerabilities. In 2023, threat actors increasingly exploited unknown and day-one vulnerabilities in their attacks, with some ransomware operators focusing solely on stealing sensitive data and extorting victims by threatening to sell or leak the data.

The attack on Gesswein underscores the need for organizations to prioritize patching of newly disclosed vulnerabilities and to understand the adversary, threat surfaces, techniques used, and the products, processes, and people required to stop a modern ransomware attack.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.