Snap-on discloses data breach claimed by Conti ransomware gang

ByMabel R. Acton

Apr 9, 2022 #2021 Acura Rdx Technology Package, #2021 Acura Tlx Technology Package, #2022 Acura Mdx Technology Package, #Align Technology Stock, #Applied Racing Technology, #Artificial Intelligence Technology Solutions Inc, #Assisted Reproductive Technology, #Battery Technology Stocks, #Benjamin Franklin Institute Of Technology, #Chief Technology Officer, #Color Star Technology, #Craft Design Technology, #Definition Of Technology, #Definitive Technology Speakers, #Element Materials Technology, #Health Information Technology Salary, #Ice Mortgage Technology, #Information Technology Definition, #Information Technology Degree, #Information Technology Salary, #Interactive Response Technology, #International Game Technology, #La Crosse Technology Weather Station, #Lacrosse Technology Atomic Clock, #Luokung Technology Stock, #Marvell Technology Stock Price, #Maytag Commercial Technology Washer, #Microchip Technology Stock, #Micron Technology Stock Price, #Mrna Technology History, #Mrna Vaccine Technology, #Nyc College Of Technology, #Penn College Of Technology, #Recombinant Dna Technology, #Rlx Technology Stock, #Robert Half Technology, #Science And Technology, #Sharif University Of Technology, #Smart Home Technology, #Stevens Institute Of Technology Ranking, #Symphony Technology Group, #Technology In The Classroom, #Technology Readiness Level, #Technology Stores Near Me, #Thaddeus Stevens College Of Technology, #University Of Advancing Technology, #Vanguard Information Technology Etf, #Vanguard Technology Etf, #What Is 5g Technology, #Women In Technology

American automotive tools manufacturer Snap-on announced a data breach exposing associate and franchisee data after the Conti ransomware gang began leaking the company’s data in March.

Snap-on is a leading manufacturer and designer of tools, software, and diagnostic services used by the transportation industry through various brands, including Mitchell1, Norbar, Blue-Point, Blackhawk, and Williams.

Yesterday, Snap-on disclosed a data breach after they detected suspicious activity in their network, which led to them shutting down all of their systems.

“In early March, Snap-on detected unusual activity in some areas of its information technology environment. We quickly took down our network connections as part of our defense protocols, particularly appropriate given heightened warnings from various agencies,” reads a notice on the Snap-on website.

“We launched a comprehensive analysis assisted by a leading external forensics firm, identified the event as a security incident, and notified law enforcement of the incursion.”

After conducting an investigation, Snap-on discovered that threat actors stole personal data belonging to employees between March 1st and March 3rd, 2022.

“We believe the incident involved associate and franchisee data including information such as: names, Social Security Numbers, dates of birth, and employee identification numbers,” discloses a Snap-on data breach notification submitted to the California Attorney General’s office.

Snap-on is offering a free one-year subscription to the IDX identity theft protection service for those affected.

Conti claimed an attack on Snap-on

While Snap-on’s data breach notification did not shed much light on its attack, BleepingComputer received an anonymous tip in early March stating that one of Snap-on’s subsidiaries, Mitchell1, was suffering an outage caused by a ransomware attack.

Mitchell1 had initially tweeted about the outage but soon deleted the notices from Twitter and Facebook.

Deleted Mitchell1 tweet about the outage
Deleted Mitchell1 tweet about the outage

Tweet from customer about deleted tweets

However, another source told BleepingComputer that it was not Mitchel11 who had suffered an attack but their parent company Snap-on.

Soon after, threat intelligence researcher Ido Cohen spotted that the Conti ransomware gang claimed to have attacked Snap-on and had begun to leak almost 1 GB of documents that were allegedly stolen during the attack.

Ensar tweet

The Conti gang quickly removed the data leak, and Snap-on has not reappeared on their data leak site, leading security researchers to tell BleepingComputer that they believe Snap-on paid a ransom for the data not to be leaked.

BleepingComputer has contacted Snap-on to confirm if the disclosed data breach is linked to the alleged Conti ransomware attack, and we will update this story if we hear back.

Who is Conti Ransomware?

Conti is a ransomware operation operated by a Russian hacking group known for other malware infections, such as Ryuk, TrickBot, and BazarLoader.

Conti commonly breaches a network after corporate devices become infected with the BazarLoader or TrickBot malware infections, which provide remote access to the hacking group.

Once they gain access to an internal system, they spread through the network, steal data, and deploy the ransomware.

The Conti gang recently suffered their own data breach after siding with Russia over the invasion of Ukraine, leading to a Ukrainian researcher publishing almost 170,000 internal chat conversations between the Conti ransomware gang members and the Conti ransomware source code.

Conti siding with Russia on the invasion of Ukraine
Conti siding with Russia on the invasion of Ukraine
Source: BleepingComputer

Conti is known for past attacks on high-profile organizations, including Ireland’s Health Service Executive (HSE) and Department of Health (DoH), the City of Tulsa, Broward County Public Schools, and Advantech.

Due to the cybercrime gang’s ongoing activity, the US government issued an advisory on Conti ransomware attacks.