On Christmas Eve, Sangoma Technologies, a provider of Unified Communications as a Service (UCaaS), disclosed a data breach that compromised one of the company’s internal servers. The compromise took place during a targeted ransomware attack by the infamous Conti ransomware gang.
- Sangoma Technologies disclosed the data breach event on December 24, 2020.
- Researchers suggest the Conti ransomware gang was responsible for the attack.
- The Conti ransomware gang posted 26GB worth of data on their data leak website a day before the data breach disclosure.
- Confidential data, including the company’s financials, accounting, acquisitions, employee salary and benefits information, and legal documents, were leaked in the attack.
It is reported that the attackers published nearly 26GB worth of data on their data leak website, hosted on an underground forum. Sangoma acknowledged that a certain amount of confidential data, including the company’s financials, accounting, acquisitions, employee salary and benefits, and legal documents, was leaked in the attack; however, there is no evidence of customers’ data being compromised.
Sangoma Technologies has hired third-party cybersecurity experts who are closely investigating the attack and determining the actual extent of the data breach. As per the latest updates, the researchers have confirmed traces of the Conti ransomware gang, whose ransomware closely shares code with that of another infamous threat actor, the Ryuk ransomware gang.
The Conti ransomware gang’s operations first emerged in December 2019 and gained momentum only in June 2020. Conti ransomware is distributed as a payload by TrickBot malware and moves laterally until domain admin credentials are compromised, which makes it easier to infect systems and encrypt critical data.
Bill Wignall, President and CEO of Sangoma, said,
“We are working as quickly as we can to complete our investigation. As this work progresses, we plan to provide updates of factual, accurate information as it becomes available.”
Sangoma has asked its customers to reach out at [email protected] for any queries about the data breach. Additionally, it asked all its customers to change their passwords as a precautionary measure.