The Antwerp managed service provider ITxx has paid $300,000 to the hacker group Conti. The company was hit by ransomware at the beginning of this month, which left some sixty customers in trouble. To put an end to that, the company paid the requested ransom to get its hands on the encryption keys.
“In the interest of our customers, and because experts convinced us that there was no alternative, we proceeded to pay the ransom,” says Philippe van Cauwenbergh in defense of the decision. He emphasizes that ITxx is doing everything it can to get its customers operational again as soon as possible.
The ransomware attack took place in the night from Thursday to Friday, July 2. According to cybersecurity expert Geert Baudewijns, it was immediately clear that this was the work of ‘highly specialized and sophisticated cybercriminals’. The ransomware encrypted the data of 60 customers in the Human Resources (HR) and accounting sectors. As a result, they could not access their data and were forced to stop working.
ITxx writes that ‘after thorough investigation’ it appeared that paying the requested ransom was the only way out of this situation. According to security firm Secutec, company, customer or employee data was stolen by the attackers. The security of the infrastructure and customer data was in order.
According to the Flemish newspaper De Tijd, the Russian-affiliated hacker group Conti is responsible for the cyber attack. This would be the first time that the hacker collective has carried out a large-scale attack in Belgium. Van Cauwenbergh confirms to VRT NWS that Conti is indeed behind the attack. After the attack, they sent an email in which the hacker group claimed responsibility.
ITxx claims to have paid $300,000 in ransom. According to De Tijd, the hackers initially demanded one and a half million dollars. Through negotiations, the IT company managed to lower the ransom amount to $300,000 in crypto coins. “We’ve been negotiating all week. For a while, we thought we could recover backups, but that didn’t work. They were also encrypted. Ultimately, we had to pay a ransom to get the data back from ourselves and from our customers,” Cauwenbergh told VRT NWS.
The Belgian Data News writes that customers voluntarily contributed money toward the ransom. ITxx had not asked for this, emphasizes Steven Holvoet, director of the IT company. “Right from the start, some customers have indicated that they would like to contribute if that helps to recover the data faster. We have never asked customers to help us pay, but if customers were willing to do so, we could. Although we have not mentioned an amount for that ourselves.”
He says he is not proud that ransom has been paid. According to Cauwenbergh, the ‘last lifeline’ was to get the data back. “We have engaged two companies. They have read everything. This was the only option to ensure continuity for our customers. Of course, this is not the first thing that comes to your mind, but at a certain moment you have no other choice.”
Van Cauwenbergh realizes that by paying the ransom he may be setting a dangerous precedent. At the same time, he thinks this will happen more often in the future. “This will remain a difficulty in the future. It was pay or endanger our customers and we can’t do that.”
He states that it can happen to any company, no matter how well you protect your business. “We understand that we suffer image damage, but we cannot be blamed. Anyone can fall prey to the criminal activities of organized crime. No matter how well you are protected, everyone is potential prey.”
ITxx is not Conti’s first victim. The hacker group carried out a ransomware attack on the Health Service Executive (HSE), Ireland’s national health service, in mid-May. They managed to penetrate HSE’s network and install ransomware. They allegedly stole 700 GB of confidential data. Conti allegedly demanded $20 million to not disclose the stolen data and to make the 2,000 affected IT systems accessible again. Irish Prime Minister Micheál Martin said from the outset that he would not pay a ransom.