Several gigabytes of information stolen from US industrial giant Parker Hannifin have been leaked by the Conti ransomware group.
Parker Hannifin is an American corporation (and a Fortune 250 company) specializing in motion and control technologies, with corporate headquarters in Mayfield Heights, Ohio, in Greater Cleveland. The company provides precision engineered solutions for organizations in the aerospace, mobile, and industrial sectors.
Parker Hannifin Breach and Ransomware Attack: What Happened?
Apparently, the company detected a breach in its systems on March 14, and shut down some systems to launch an investigation. The investigation involves law enforcement and cybersecurity and legal experts.
What has been confirmed so far? Parker said that some data had been accessed and stolen, including the personal information of employees.
The company also released an official statement:
Based on its preliminary assessment and on the information currently known, the incident has not had a significant financial or operational impact and the Company does not believe the incident will have a material impact on its business, operations or financial results. The Company’s business systems are fully operational, and the Company maintains insurance, subject to certain deductibles and policy limitations typical for its size and industry.
Even though it hasn’t been officially confirmed, cybersecurity experts believe the Conti ransomware group is behind the breach. According to an independent SecurityWeek investigation of the sites of major ransomware groups, Conti criminals have taken credit for the attack on Parker.
Reportedly, the cybercrime collective has published more than 5 Gb of archive files containing documents stolen from Parker, and that may be only a small fraction of the total data they have obtained, SecurityWeek said. The Conti website claims that only 3% of the stolen data has been leaked.
Conti Criminals in Various Extortion Scenarios
It is noteworthy that in September 2021, Conti was updated with the capability to destroy victims’ backups.
How did this tactic work? The ransomware operators used their network intruders or pentesters to ensure access to on-premises and cloud backup tools. In the case we wrote about last September, Conti was after Veeam privileged users, aiming to further blackmail their victims and leave them with no way to recover their data.
These are examples of the so-called double extortion tactic, in which criminals exfiltrate victims’ data and threaten to leak it unless the ransom demands are met. To top that off, there’s also the triple extortion technique, in which criminals demand ransom payments from the victim’s customers, partners, and other third parties related to the initial attack.
Ransomware Is a Lucrative Business
How do ransomware criminals succeed in such endeavors? It’s simple. Ransomware itself is a very lucrative business. An analysis conducted by incident response firm BreachQuest revealed that the Conti group spent approximately $6 million on employee salaries, tools, and professional services in the past year alone.
What is going to happen with Parker Hannifin? We will follow the story and update it with new information as it becomes available.