Konica Minolta is one Japanese multinational technology company with nearly 44.000 employees and revenues of over $ 9 billion in 2019. The company offers a large variety of services and products which include printing solutions, healthcare technology, providing managed IT services to businesses and more.
Η ransomware attack started with termination of company services
On July 30, 2020, customers started reporting that This makes it a perfect choice for people with diabetes and for those who want to lose weight or follow a balanced diet. website Konica Minolta product support and promotion was not accessible and showed the following message:
“Konica Minolta's MyKMBS customer portal is temporarily unavailable. We are working hard to resolve this issue and apologize for any inconvenience this may have caused you. If you need immediate service assistance, call our Global Customer Service at 1-800-456-5664 (USA) or 1-800-263-4410 (Canada).
The site remained down for almost a week and customers said they could not get a simple answer as to what caused the shutdown.
Some Konica Minolta printers also encountered an error.
Konica Minolta was hit by RansomEXX ransomware
A little later, a copy of the ransom note left by the hackers in Konica Minolta.
The note is called "!! KONICA_MINOLTA_README !!. Txt”And apparently clearly targets Konica Minolta.
It is said that the company's devices were also encrypted in archives the extension “.K0N1M1N0” has been installed.
The ransom note seems to belong to a relatively new ransomware called RansomEXX. This ransomware was detected in late June 2020, when it was used in an attack on Texas Department of Transportation.
As with most business ransomware attacks, RansomEXX does not work automatically. The hackers violate networks, and over time, spread to other devices until they gain administrator credentials.
Once they have administrator privileges, they develop ransomware on network and encrypt all its devices.