Sangoma Conti Ransomware Attack: About 26 GB Data of Popular FreePBX Developer Breached Online

Popular FreePBX Developer Called Sangoma Now Hit with a Conti Ransomware that Stole Critical Files and Published it Online

Sangoma has disclosed a data breach after files stolen during a recent Conti ransomware attack were published online by the attackers. Sangoma is a voice over IP software and hardware provider best known for its open-source FreePBX phone system, which allows organizations to create a cheaper corporate phone system on their own network.

Sangoma FreePBX

According to an article by BleepingComputer, the Conti ransomware gang published 26 GB or more of data on its ransomware data leak site. The data was stolen from Sangoma during the recent cyberattack. The leak includes files related to the company's financials, accounting, acquisitions, and employee salary and benefits. The company's legal documents were reportedly leaked as well.

As of today, the company has confirmed that the recent ransomware attack resulted in a data breach, shortly after private and confidential files from the company and its employees were published online. In an advisory, Sangoma Technologies Corporation acknowledged that, as a result of the ransomware attack on one of the company's servers, private and confidential data belonging to the company was posted online yesterday.

Who owns FreePBX?

Because the attack hit a software developer, concerns were voiced that its products were modified to deliver malware in a supply chain attack, similar to the recent SolarWinds cyberattack. In its data breach disclosure, Sangoma is reassuring customers and users that there is no evidence that customer accounts or Sangoma products were compromised in the attack.

Sangoma also stated in the advisory that there is no initial indication that customer accounts were compromised, or that any existing Sangoma services or products were affected by the breach. While the investigation is ongoing, the company advised customers to change their Sangoma passwords.


Conti ransomware attack

The ransomware operation said to be behind this attack is known as Conti. It was first spotted in isolated attacks at the end of December 2019, with attacks starting to pick up in June 2020.

This ransomware shares code with the Ryuk ransomware and is known to be distributed by the TrickBot trojan. Conti operators breach corporate networks and spread laterally until they gain access to domain admin credentials, which they then use to deploy the ransomware payloads that encrypt devices.


This article is owned by Tech Times

Written by Urian Buenconsejo

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.