Exagrid, a backup storage services provider that claims to offer the industry’s best ransomware recovery service, recently paid $2.6 million in ransom to hackers who used the Conti ransomware to infiltrate the company’s systems and download around 800GB of data.
Headquartered in Marlborough, Massachusetts, Exagrid is a leading provider of backup and recovery services to organizations, offering various applications to support tiered backup storage and long-term data retention. The company runs tech support centres in North America, Europe, and Asia Pacific to service corporate customers.
According to ComputerWeekly, Exagrid was forced into paying a ransom of $2.6 million in Bitcoin in May after hackers used the Conti ransomware to encrypt the company’s servers and exfiltrate as much as 800GB of data, including the personal data of clients and employees.
After encrypting the company’s servers, the hackers contacted Exagrid to inform it of the intrusion. They claimed to have encrypted its file servers and SQL servers and to have downloaded up to 800GB of data, and demanded a ransom of $7,480,000 in exchange for the decrypter.
The hackers also claimed that they had exfiltrated the personal and financial data of Exagrid’s clients and employees, including “commercial contracts, NDA forms, financial data, tax returns and source code.” They also shared data with the company during the negotiation phase to prove they had access to critical data.
Following a drawn-out negotiation with the hackers, Exagrid finally agreed to pay $2.6 million in Bitcoin and made the payment on 13 May. Soon afterwards, the hackers sent the company a decryption key so that it could regain access to its encrypted servers.
The fact that Exagrid chose to pay a hefty ransom to the operators of the Conti ransomware indicates that, despite offering best-in-class backup and ransomware recovery services to organisations worldwide, the company did not have sufficient backups of its own to recover from such an attack without paying. The company is yet to issue a statement regarding the ransomware attack.
That a large number of organisations are ill-prepared to defend against modern ransomware attacks is borne out by the fact that many of them, including critical infrastructure operators, chose to pay ransoms in the millions in May to regain access to their data. This also indicates that hackers usually have the upper hand during negotiations, since companies are simply unable to recover their lost data without obtaining a decryption key.
In March, CNA Financial, one of the United States’ largest insurance companies, paid a record $40 million to hackers in ransom after suffering a ransomware attack. German chemical distribution company Brenntag also paid $4.4 million in Bitcoin to the DarkSide ransomware gang in May after the gang stole up to 150GB of data, including unencrypted files from its corporate servers in North America.
In the same month, the DarkSide ransomware gang also succeeded in extracting a ransom of nearly $5 million from U.S. pipeline giant Colonial Pipeline. Considering that the company supplies around 45% of all fuel in the east coast region, the ransomware attack led to a major crisis in the distribution of fuel and gas in the region, forcing President Biden to issue an Executive Order to restore essential services.