The retail industry is a priority target for ransomware gangs because of the amount of personal and financial information it stores. It is no surprise, therefore, that a large company like KP has become the victim of a targeted ransomware attack. Attackers know that larger companies with a large supply chain will want to get their operations back on track quickly, so the likelihood of them paying the ransom is high. KP now has to make the difficult decision as to whether or not to pay it.
The Conti ransomware gang has been prolific recently, with Delta Electronics also falling victim to one of its attacks within the last week. Conti is known to use advanced techniques in its attacks; for example, it was one of the first groups to weaponise the Log4Shell vulnerability after it became public.
International law enforcement is cracking down on and dismantling ransomware gangs, and with plenty of operations carried out in the last few months, ransomware operators are becoming more careful. Although Conti is a “recent threat”, active since 2020, it is considered the successor of the Ryuk ransomware gang, which had been active since 2018. This rebranding, very common among ransomware gangs nowadays, is driven by the need to cover their tracks and cool down after getting too much media attention, especially after a big attack that draws heavy media and law enforcement scrutiny. Even with those efforts, Conti remains one of the most dangerous active ransomware gangs today.
Organisations must remain vigilant despite the progress made by law enforcement, as ransomware groups learn which industries and companies are more likely to pay ransom demands. Ransomware operations as big as Conti find new targets almost every day.
While we don’t yet know exactly which infection vector was used in KP’s attack, organisations can better prepare for attacks such as this one by implementing Zero Trust policies such as network segmentation. Segmenting networks and sensitive data, on the assumption that any connection can be compromised, restricts a threat actor’s ability to move freely across the network. Zero Trust increases the chance of detecting an ongoing attack and, if well implemented, minimises the damage caused by cybersecurity incidents.