Following the outages at Xerox and Canon, another major company, Konica Minolta, has also been hit by an outage. This time it is not Maze but a new variant, Ransom X.
Japan-based business technology giant Konica Minolta was hit by a new ransomware strain, which brought its services down for almost a week.
On July 30, customers reported not being able to access the company’s product supply and support site, met instead with a “service temporarily unavailable” message. Soon after, the company’s printers also started displaying a “Service Notification Failed” error.
However, an anonymous source soon shared the ransom message, entitled !!KONICA_MINOLTA_README!!.txt. The note explains the company’s data was “fully encoded” and that the firm should not contact law enforcement agencies, who might block the ransom payment.
The group behind the attack reportedly used RansomEXX ransomware, a relatively new malware that needs to be operated manually and does not have the ability to steal files.
This means whoever is behind the attack needed to compromise the company’s network first, map out and infiltrate all of the devices and then run the malware.
Like other enterprise-targeting ransomware operations, RansomEXX is human-operated, which entails threat actors compromising a network, and over time, spreading to other devices until they gain administrator credentials.
Once they gain admin rights and access to the Windows domain controller, they deploy the ransomware on the network and encrypt all of its devices.