Sangoma Technologies, the Canadian VoIP company, has been hit by a ransomware attack. The company sells products like Switchvox and FreePBX and owns Asterisk provider Digium. It disclosed the attack in a statement on Christmas Eve and said the ransomware targeted the company’s servers.
The company states that private and confidential data was stolen and has been posted online for all to see. However, there was no indication of whether customer accounts were compromised.
Sangoma said that it has launched a comprehensive investigation involving outside cybersecurity experts to ascertain just how far the data breach goes.
Attack of the Conti
Customers of the company are being asked to change their passwords as a precaution. Bleeping Computer reported that the attack used Conti ransomware, the same kind deployed against industrial computer maker Advantech in November.
The Conti ransomware gang has published over 26GB of data that they allegedly stole from Sangoma on their data leak website.
The data collection has information about the company’s accounting, employee benefits and salaries, financials, legal documents, and acquisitions. Conti shares code with the more renowned Ryuk ransomware, and runs through a list of behaviors when deployed on a network.
Trickbot never left
After gaining access to a network, Conti will copy files and encrypt them before making a ransom demand. Payment supposedly buys decryption of the information, plus a promise not to publish the stolen data.
Conti is distributed by a botnet known as Trickbot, which dates back to 2016. Today, it is believed to be in more than 1 million machines. On October 12th, the media incorrectly reported that Trickbot was taken down by Microsoft.
The software giant clarified by saying that it had only disrupted the botnet. The proof that Trickbot is back is this attack on Sangoma.