American cookware distributor Meyer Corporation has suffered a ransomware attack that reportedly affected “thousands” of its employees.
The company has said it suffered a ransomware attack on October 25, 2021, with the threat actors deploying the Conti variant against the company’s endpoints.
The news followed an internal investigation that discovered the attackers made off with enough personally identifiable information on Meyer employees to steal their identities.
Data pending release
More specifically, they took full names, physical addresses, birthdates, gender and ethnicity information, Social Security numbers, health insurance information and data on employee medical conditions, random drug screening results, Covid vaccination cards, driver’s licenses, passport data, government ID numbers, permanent resident cards, immigration status information, and information on dependents.
While Meyer did not detail which ransomware variant was used in the attack, or how its network got compromised, BleepingComputer found a listing on the Conti extortion site, dated November 7, 2021. On the listing, 2% of the entire database was posted, as proof of the batch’s authenticity.
Given that it’s been almost four months since the data was stolen, the attackers were either paid for the data, lost interest in publishing it, or are still negotiating a deal with Meyer.
Whatever the reason, Meyer Corporation has now informed the U.S. Attorney General offices of the data breach.
The Conti ransomware group has become quite active in recent weeks, thanks possibly to top members of the notorious TrickBot malware family reportedly joining forces with the ransomware syndicate.
What sets Conti apart from other ransomware gangs is that it uses a “trust-based, team-based” model as opposed to working with random affiliates. As a result, the group has been better at evading law enforcement than many of its peers.
Going forward, the Conti ransomware group plans to use TrickBot's newer product, the BazarBackdoor malware, as it is stealthier and harder to detect. Although BazarBackdoor used to be a part of TrickBot's larger toolkit, it has since become its own fully autonomous tool, security researchers say.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.