Backup appliance firm pays out $2.6 million ransom to attackers

Graham Cluley
@gcluley

Backup appliance firm pays out $2.6 million ransom to attackers

The Conti ransomware gang has successfully managed to extort millions of dollars out of an organisation once again.

What’s notable on this occasion is that the Conti group’s corporate victim is ExaGrid, a backup company.

And according to reports, last month it shelled out $2.6 million worth of ransom in Bitcoin, after having had its systems encrypted and 800GB exfiltrated from its servers.

Sign up to our newsletter
Security news, advice, and tips.

ExaGrid is not just any old backup storage service company. No, the very first thing you see when you visit its website is a press release extolling the virtues of the “ransomware recovery solution” it launched last year:

The release of Software Version 6.0, which included a streamlined navigation experience, user interface improvements, security enhancements, and most notably, the Retention Time-Lock for Ransomware Recovery, making ExaGrid the only backup storage system on the market to offer a non-network-facing tier with immutable objects and delayed deletes for ransomware recovery solution.

Sounds like just the kind of product that might be handy to have in place before your company gets hit by… uh-oh.

The hackers claimed that they had stole financial and personal data related to ExaGrid’s customers and staff, including “commercial contracts, NDA forms, financial data, tax returns and source code.”

Ok, look. It’s very easily to smirk and giggle at a firm which tries to help prevent companies from falling foul of ransomware to itself be found to have coughed up a ransom.

But all we’ve really had underlined here is that ransomware attacks can pretty much impact any business. What organisations need to do is ensure they have taken the vital steps to reduce the chances of them becoming the next ransom victim, and had the foresight to ensure that they can recover with the minimum fuss and cost.

ExaGrid’s product may work very well – I have no reason to believe it doesn’t. But recovering from a secure backup is not the only consideration when deciding whether to pay a ransom or not.

For instances, many organisations may feel pushed into a corner by their extortionists if threatened with the release of stolen data into the hands of other criminals or the general public.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.