On July 30th, 2020, the business technology giant Konica Minolta, which is based in Japan, was hit with one massive ransomware.
Dubbed as RansomEXX - human-operated ransomware that brought the company’s services down for almost a week.
Apparently, the company was in the dark until customers started stating that there was an outage, and they started having problems accessing the company’s product supply and support site.
The ransomware did so much more than that and, apparently, Konica Minolta isn’t its first hit. So, what do we know about this new ransomware? What happened to the Konica Minolta website? Find out below.
The RansomEXX Effect: Service Not Available!
Before we dig deeper into the matter, we have to explain what RansomEXX is. It’s a newly developed virus that works similar to the likes of Team Ransomware, loly _zip, and more.The ransomware is designed to infiltrate a user’s system, encrypt all major file-types, and finally, place a special text message to the user.
Once it’s in, the ransomware targets any file with the following formats: .ani, .cab, .cpl, .cur, .diagcab, .diagpkg, .dll, .drv, .hlp, .icl, .icns, .ico, .iso, .ics, .lnk, .idx, .mod, .mpa, .msc, .msp, .msstyles, .msu, .nomedia, .ocx, .prf, .rtp, .scr, .shs, .spl, .sys, .theme, .themepack, .exe, .bat, .cmd, .url, .mui.
And finally, just like any other ransomware out there, RansomEXX places a note on the victim’s system, which asks for a ransom if the target wishes to decrypt the files and get them back.
In Konica Minolta’s case, customers weren’t able to access the company’s services. The ransomware caused an outage and the only thing the customers got is the following note:
“The Konica Minolta MyKMBS customer portal is temporarily unavailable. We are working hard to resolve the issue and apologize for any inconvenience this may have caused you. If you need immediate assistance for service, please call our Global Customer Services at 1-800-456-5664 (US) or 1-800-263-4410 (Canada).”
According to Bleeping Computer, the ransom note sent by the attackers looks exactly like this:
Throughout the research, Bleeping Computer also found out that the attackers encrypted the devices in the company and the files had '.K0N1M1N0' extension appended to them.
This is definitely not the first time the ransomware has hit major companies. Not long ago, in June 2020 to be exact, RansomEXX was used in an attack on the Texas Department of Transportation.
Bleeping Computer analyzed the ransom note sent by the attackers. Apparently, the ransomware operation doesn’t steal data before encrypting devices.
However, the attackers are demanding big amounts of money in exchange for decrypting the files. They’re asking for a ransom of between 0.5 to one Bitcoin ($4,000 U.S.)) to settle everything.
Final Words
As you can see, even big companies are susceptible to such attacks. In other words, you’ll be an easy target if you don’t take proper precautions.Online security in a world where cybercrime is growing daily is crucial. To protect yourself from such attacks, you must at least have minimal security knowledge.
There are websites on the web that specialize in educating those in need. You’ll find websites such as The VPN Guru that offer hundreds of guides and walkthroughs to a better browsing experience.