Sandhills Global operations and websites shut down due to Conti attack

Ransomware attack disrupted operations: Nebraska firm had to shut down several systems to protect data

Firm in Nebraska offline due to a virus attack

Allegedly Conti ransomware knocks many publications offline

Conti ransomware is allegedly to blame for the attack on the company that controls online farm equipment and land auction service sites.[1] Sandhills Global admitted that hosted websites became inaccessible and operations were disrupted due to the ransomware attack.[2] The company is a US-based business catering to the transportation, agriculture, aircraft, heavy machinery, and technology industries. For a few days, the website for Sandhills Global and other hosted publications were forced offline. Phones also stopped working. At the time of writing, the main site is still not accessible.

Publications related to the company, such as Truck Paper, TractorHouse, AuctionTime, HiBid, RentalYard, Motorsports Universe, CraneTrader, MarketBook, RV Universe, Oil Field Trader, Aircraft, and many more, are no longer accessible. Multiple sources state that Conti ransomware[3] is responsible for the attack and the outage.

Ransomware took over the system early Thursday morning and caused the shutdown of all IT systems. The allegedly responsible Conti virus is one of the many dangerous threats used in a wide range of attacks on high-profile companies in various industries. This ransomware also made headlines this week due to the attack on JVCKenwood.[4]

Sites are still down, and it is not yet determined whether client data was accessed

The company hasn't revealed any details about the attack. There are no reports on whether data was accessed or on how the ransomware operators tried to get money from the company. Normally, such threats encrypt networks or individual computer systems and lock data using a powerful algorithm. The threat actor can then reveal the stages of file recovery, including the payment method and the amount. The sum is demanded in exchange for the decryption tool.

While the company works on the investigation and relies on cybersecurity experts who can prevent IT system damage and the spread of the attack, customers have received only one email from the company:

Sandhills Global is currently responding to a ransomware attack that impacted our operations. Systems and operations have been temporarily shut down to protect data and information, and we have retained cybersecurity experts to assist us with the investigation, which is ongoing. We are working actively and diligently with the assistance of our retained experts to fully restore operations.

At this time, we are continuing to investigate whether any of our client's information has been accessed or impacted by this incident. At this time, we have not discovered evidence that confirms that customer information has been compromised. Please know that our clients are our number one priority and we are working diligently to restore operations and remediate the attack. At this time, our ability to respond to your messages may be delayed. We appreciate your patience and deeply regret any inconvenience this may cause.

We will provide updates regarding this matter and the status of our services as soon as possible.

Conti ransomware not going to be stopped

Threat actors behind the well-known Conti ransomware are gaining attention in various media because of their attack campaigns. JVCKenwood recently suffered an attack, and the criminals claim to have stolen at least 1.7 TB of data from the network and asked the multinational electronics company for $7 million. Officials disclosed that servers related to sales in Europe were breached on September 22 and that various sensitive data was accessed. Such infections can end with full outages and data breaches.[5]

The Conti ransomware gang has already caused major issues and damaged businesses all over the world. These ransomware creators typically target the healthcare sector and emergency medical services.[6] However, such malware can be built to aim at any profitable target. CISA, the FBI, and other agencies have released major reports warning about the tactics and the malicious actors behind the threat.

The infection even managed to reach backups and cloud storage.[7] These options are often the only ones available to the victim of a file-locker, because decryption tools take too long to develop from scratch. Backups can be a great obstacle for ransomware because businesses manage to resume their operations using data backups instead of paying the large sums that criminals might ask for. It is not surprising that backup solutions have become a common target, with methods that include damaging the backups. However, it is very dangerous and concerning that cryptocurrency-extortion-based infections are becoming more and more advanced.

About the author
Ugnius Kiguolis
Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.