US information processing company Sandhills Global recently suffered a devastating ransomware attack, rendering hosted websites inaccessible and causing major disruption to its business operations.

The Nebraska-headquartered enterprise is privately owned and produces an extensive range of services and products spanning well-established trade publications to online sites for hosted technology services. Sandhills host sites for many different industries including agriculture, transportation, and heavy machinery.

Targeted by ransomware

The first indication customers of Sandhills Global had of the attack was when its main website and various hosted publications suddenly went offline. Attempts to contact the publications company were met with a phone system that was also no longer in operation.

Users who tried to access sites hosted by Sandhills Globals’ platform found an error page (1016) that stated that the Cloudflare system in use was unable to make a connection to the company’s servers.

The rapid attack took place early on the morning of September 30. Once identified, Sandhills Global took its own swift action and shut down the all the company’s IT systems. The aim of this initiative was to stop the ransomware attack spreading further.

Multiple Sandhills publications were rendered inaccessible by the ransomware strike, including popular titles such as Aircraft.com, Controller, LiveStockMarket, Aircraft, Oil Field Trader, RV Universe, MarketBook, CraneTrader, Motorsports Universe, RentalYard, HiBid, ForestryTrader, Machinery Trader, AuctionTime, TractorHouse, and Truck Paper.

Conti ransomware gang behind attack

The Conti group has been behind an extensive range of cyberattacks around the world in recent years. Its high-profile ransomware attacks have involved a variety of victims include companies like JVCKenwood, Advantech, and the Health Service Executive (HSE) of Ireland.

When executing attacks, Conti’s ransomware outfit typically uses double extortion tactics. It steals files prior to encrypting enterprise devices for later use. Stolen data provides extra leverage in criminal extortion attempts. Conti will usually demand multimillion-dollar ransom payments in return for a decryption device and for stolen data not to be disclosed.

A statement made by Sandhills to its customers explained the incident and its actions:

“Sandhills Global is currently responding to a ransomware attack that impacted our operations. Systems and operations have been temporarily shut down to protect data and information, and we have retained cybersecurity experts to assist us with the investigation, which is ongoing. We are working actively and diligently with the assistance of our retained experts to fully restore operations.”

Regarding customer data security, it added:

“At this time, we are continuing to investigate whether any of our client’s [sic] information has been accessed or impacted by this incident. At this time, we have not discovered evidence that confirms that customer information has been compromised.”

The sum demanded from Sandhills by the Conti gang, or whether any data was taken during the attack, is as yet unknown.

Sandhills Global confirmed that its client base was the key priority in its efforts to restore operations. It apologised for the potential delays in response to customer messages and confirmed it would issue updates at its earliest opportunity.