Conti Demands $15 Million After Infecting Taiwanese Tesla Supplier with Ransomware

Ransomware operators have successfully breached a major power parts supplier of Tesla and Apple, demanding a $15 million ransom to free up infected systems. A week into the attack, the company’s website is still down, despite claiming it suffered little to no disruption from the attack.

Delta Electronics, a Taiwanese maker of UPS units and other power supply components, told stock holders that it suffered a ransomware attack.

Delta, a supplier for Apple and Tesla, claimed the infection was rapidly detected and contained. It also said the attack did not affect its production line systems.

According to a Google-translated story by Juheng.com reporter Peng Yuwen Taipei:

“Delta stated that the main affected services are non-critical systems, which are gradually resuming operations. At present, the assessment has no significant impact on the company's operations, and it has notified government law enforcement agencies and information security units to assist in follow-up processing, and will continue to improve network and security. Security control of information infrastructure to ensure data security.”

But according to an intelligence report issued by investigators soon after, a sample of the ransomware infection tied the attack to the infamous Conti group.

Around Jan. 21, Conti allegedly deployed its powerful ransomware on 1,500 servers and about 12,000 computers, demanding $15 million to free up the systems.

A full week into the attack, the Taiwanese supplier’s website still displays a “system maintenance” notice, suggesting it may have been more disruptive than initially claimed.

In fact, a source familiar with the attack tells The Record that Delta has yet to restore most of its systems, and that the company is using an alternative web server to keep communications going with clients.

Attacks by Conti have been observed since 2020. Allegedly a Russia-based operation, Conti has claimed such victims as Ireland’s HSE (Health Service Executive), American commercial printing company RR Donnelley, IoT firm Advantech, and others.

Conti uses phishing to deliver TrickBot and BazarLoader Trojans to gain remote access and spread laterally through the targeted network. It steals credentials and harvests data to leverage it in double extortion before encrypting it to render the data useless on the victim’s end.

Conti notably uses its own implementation of AES-256 that uses up to 32 individual logical threads, making it much faster than most other ransomware strains.

In May last year, the FBI said Conti had been responsible for at least 16 attacks targeting US healthcare and first responder networks within a 12-month span.