JVCKenwood, a Japanese multinational company that specializes in both automobile and home electronics, has been hit by a Conti ransomware attack, with hackers claiming to have taken 1.7 TB of the company’s data and demanding a $7 million ransom for a file decryptor. On September 22nd, servers belonging to JVCKenwood’s European sales organizations were hacked, and threat actors may have accessed data as a result of the incident.

JVCKenwood said on its website that it discovered illegal access to servers controlled by several of the JVCKenwood Group’s sales organizations in Europe on September 22, 2021, and that “there was a chance of information leak by the third party who made the unlawful access.” As of the end of September 2021, a full investigation was being conducted by an outside specialized agency in coordination with the appropriate authorities, and no consumer data loss had been confirmed. “As soon as the information are ready, they will be posted on the corporate website,” the company added.

While JVCKenwood declined to comment on the nature of the incident, a ransom note sent to Bleeping Computer by a source suggests the Conti ransomware group was responsible.

According to The Record, after details of its ransom negotiations were leaked to reporters and then posted online, the Conti ransomware gang issued a statement announcing that, from now on, it will publish files stolen from compromised companies if details or screenshots of the ransom negotiation process are leaked to journalists.

“For instance, yesterday, we have found that our chat with JVCKenwood whom we hit a week ago got reported to the journalists. Despite what is said in the article, the negotiations were going in accordance with a normal business operation. However, since the publication happened in the middle of negotiations it resulted in our decision to terminate the negotiations and publish the data. JVCKenwood has been already informed. Moreover, this week we have once again spotted screenshots from our negotiation chats circulating over social media,” the group wrote in a post on its leak website.

The gang said it would take action against companies and researchers who leak screenshots of its ransom negotiation chats to reporters:

1. If we detect clear evidence of our negotiations being transmitted to the media, we’ll end them and dump all the files on our blog. We are the top team, and you can look up our revenue estimates on Google. Only because of our excellent reputation was this feasible. As a result, if we need to sacrifice another ten million dollars to reduce the negotiations but safeguard our reputation, don’t worry — we’ll do it.

2. If our chats are made public, we will dump your files as well. If this happens after the victim who leaked our communications has already paid the ransom, we will dump someone else’s files in revenge. We won’t mind if you directly shared our conversations with the media or researchers, or if they extracted it from VirusTotal after you posted our samples there. We will assign accountability to the target who is in the chat since security corporations that share talks via their pocket journalists have no notion of responsibility. We do not advocate collective punishment as a means of collective accountability, but if it is the only choice, we will use it.

Written by Nishat Mowla
