Panasonic logo sign on building showing Conti ransomware attack

Panasonic Admits Suffering a Second Cyber Attack in 6 Months With Conti Ransomware Gang Claiming Responsibility

Japanese tech company Panasonic disclosed that it was the victim of a “targeted cyber attack” on its Canadian operations. According to malware analysis group VX Underground, the Conti ransomware group claimed responsibility for the attack. The group claims to have stolen 2.8 gigabytes of data from Panasonic Canada.

The February attack was the second to devastate the company within six months. In November 2021, Panasonic Japan disclosed that a third party had breached its network and accessed files on its servers.

The company disclosed in January 2022 that the attack leaked the personal information of job candidates and interns.

According to the Japanese media outlet NHK, the illegal access lasted from June to November 2021.

Similarly, Panasonic Corporation India suffered a cyber attack in December 2020, leaking 4 GB of financial information.

Conti ransomware group leaks files allegedly stolen from Panasonic

Conti ransomware group started sharing allegedly stolen documents on its leak site. The dump includes files and spreadsheets reportedly stolen from the HR and accounting departments. Some of the documents had names like “HR Global Database” and “Budget.”

Panasonic hasn’t disclosed the hacking group’s identity or ransomware demands, the intrusion method, the nature of the information stolen, or the number of potential victims.

However, the company says the attack affected the Canadian operation, which employs 400 people and is part of the North American segment.

Panasonic spokesperson Airi Minobe told TechCrunch that the company “took immediate action to address the issue with assistance from cybersecurity experts and our service providers.”

Its response “included identifying the scope of impact, containing the malware, cleaning and restoring servers, rebuilding applications and communicating rapidly with affected customers and relevant authorities.” This description perfectly resembles a ransomware attack response.

Minobe added that efforts to restore operations were still in progress, although the top priority was to mitigate the impacts of the suspected Conti ransomware attack.

“Since confirming this attack, we have worked diligently to restore operations and understand the impact to customers, employees, and other stakeholders,” Minobe said. “Our top priority is continuing to work closely with affected parties to fully mitigate any impacts from this incident.”

Conti ransomware still significant cyber threat

Conti ransomware has emerged as a leading threat actor despite existing for just two years, making about $180 million in 2021, according to Chainalysis Crypto Crime Report.

Operated by the Wizard Spider group based in St. Petersburg, Russia, Conti is the predecessor of the Ryuk ransomware. Conti’s attack vectors include Trickbot and Cobalt Strike.

Conti ransomware compromises its victims via spearphishing campaigns involving infected attachments, compromised RDP credentials, common vulnerabilities, infected software, and malware distribution networks such as ZLoader.

In 2021, CISA warned about Conti targeting healthcare and first responder networks and increased Conti ransomware attacks domestically and internationally.

“Panasonic being hit twice by data breaches in less than six months reinforces the notion that data is now a currency that not only drives companies, but hackers too,” Amit Shaked, CEO and co-founder, Laminar. “The sheer amount of sensitive data now available in the cloud is staggering and only increasing. The problem is most security teams have no idea where their sensitive data is in the cloud and the old adage remains true, you can’t protect what you don’t see.”

Shaked advises organizations to gain “complete data observability” and adopt a data-centric approach to security. “Doing so helps security teams understand where an organization’s most sensitive data is, whether or not it has proper controls in place and if it is being monitored or not,” he concluded.