UPDATED 20:06 EST / DECEMBER 27 2020

SECURITY

VoIP hardware and software maker Sangoma struck by ransomware attack

Canadian voice over IP hardware and software maker Sangoma Technologies Corp. has been struck by a ransomware attack.

The company, which offers products such as FreePBX and Switchvox and is also the owner of Asterisk provider Digium Inc., disclosed the attack in a statement on Dec. 24. It said the ransomware targeted one of the company’s servers. The company added that private and confidential data stolen during the attack had been posted online, but it has no initial indication that customer accounts were compromised.

Sangoma said that it has launched a comprehensive investigation to fully ascertain the extent of the data breach and it’s working closely with outside cybersecurity experts. Customers are being advised to change their Sangoma passwords as a precaution.

Bleeping Computer reported that the attack involved Conti ransomware, the same used in an attack targeting industrial computer manufacturer Advantech Co. Ltd. in November. The Conti ransomware gang has published more than 26 gigabytes of data alleged to have been stolen from Sangoma on its data leak site. The data collection includes the company’s accounting, financials, acquisitions, employee benefits and salary, and legal documents.

Conti ransomware, which shares code with the better known Ryuk ransomware, runs through a typical list of behaviors. After gaining access to a network, it steals files before encrypting them, demanding a ransom payment in return for both a decryption key and a promise not to publish the stolen data.

Sangoma hasn’t disclosed exactly when the ransomware attack took place, but given that the data was published the day before the company said it had been targeted, it’s likely that the attack took place earlier in December with no ransom being paid, hence the publication of the stolen data.

Conti is known to be distributed by the TrickBot botnet. TrickBot dates back to 2016 and is believed to exist on a network of more than 1 million machines. TrickBot was incorrectly claimed by the media Oct. 12 to have been taken down by Microsoft Corp., but as noted at the time, Microsoft only said it had disrupted the bot. The fact that more companies are being affected is proof that TrickBot is back.

Conti ransomware, along with Ryuk, was named in an advisory from various U.S. government agencies Oct. 29 as being used to target hospitals and healthcare providers.

Photo: Raysonho/Wikimedia Commons
