According to BleepingComputer, Asteelflash, a leading French electronics manufacturing services company, has suffered a cyberattack by the REvil ransomware gang, which is demanding a $24 million ransom.

Asteelflash is a world-leading French electronics manufacturing services (EMS) company that specializes in the design, engineering, and printing of printed circuit boards.

While Asteelflash has not publicly disclosed an attack, BleepingComputer this week found a sample of the REvil ransomware that allowed access to the Tor negotiation page for the cyberattack.

This page shows that the REvil ransomware group, also known as Sodin and Sodinokibi, was initially demanding a $12 million ransom, but as the time limit expired, the ransom doubled to $24 million.

The Tor payment site showed a brief conversation between the REvil threat actors and Asteelflash. As part of this conversation, the threat actors shared a file named ‘asteelflash_data_part1.7z’ to prove that files were stolen during the attack. Metadata of some of the shared files shows that Asteelflash employees authored them.

At this point, the conversation between the two parties has stalled and there are no details about the company’s intentions regarding the ransom.

 

REvil’s relentless attacks on enterprise businesses continue to disrupt operations. Our ShadowSpear® Platform was created with these businesses in mind. It can be scaled to any size or industry. In addition to this highly effective endpoint detection and response tool, our security operations center, staffed with security engineers, works in tandem with the tool. Technology is great, but the value comes from the people operating it and responding to your incidents.

Although it hasn’t been confirmed whether REvil encrypted data upon entry to the environment, their usual pattern, like that of many other ransomware operators, is to encrypt files and threaten the company with the release of the data. This isn’t a new tactic, as it’s been implemented time and time again over the last year. Our engineers expect this trend to continue given its success rate, so now is the time to invest in a security operations center. By engaging with SpearTip you’ll be able to mitigate threats and ensure your business operations aren’t hindered dramatically.

SpearTip’s security operations center runs 24/7 and will provide your organization with continuous monitoring to ensure threats are mitigated instantly at any moment. The engineers in our SOC also work hand-in-hand with our proprietary endpoint detection and response tool, ShadowSpear®, where organizations can view their risk profile and communicate with our experts with complete transparency.