Gedia Automotive Group headquarters in Attendorn fell victim to a cyberattack on January 21. Shutdown of all systems was enforced to prevent a complete IT infrastructure breakdown. The company confirmed the attack shortly after the Sodinokibi ransomware gang threatened to publish sensitive data.
An automotive supplier had its systems breached and files encrypted by three different ransomware gangs over two weeks in May, two of the attacks happening within just two hours. The attacks followed an initial breach of the company's systems by a likely initial access broker (IAB) in December 2021, who exploited a firewall misconfiguration to breach the domain controller server using a Remote Desktop Protocol (RDP) connection. After the initial compromise, LockBit, Hive, and ALPHV/BlackCat affiliates also gained access to the victim's network on April 20, May 1, and May 15, respectively.
While dual ransomware attacks are increasingly common, "this is the first incident we've seen where three separate ransomware actors used the same point of entry to attack a single organization," Sophos X-Ops incident responders said according to a report in Bleeping Computer.
October 24, 2021: Cyberattack Cost Eberspächer Automotive Supplier $60Million says CEO
The German supplier Eberspaecher Group fell victim to a large-scale cyberattack on October 24, 2021. To prevent the possible spread of the attack within the company and externally, the company shut down all networks and servers. Later reports stated that at this point, some of the data had already been tapped and encrypted. Stellantis, Volkswagen, Audi, BMW among the automakers that could be impacted.
UPDATE July 2022,: Automotive News reports that the company is finally eliminating the remaining effects from its 80 sites worldwide. The attack cost the company a “mid-double-digit million amount,” Eberspaecher CEO Martin Peters told journalists.
June 14, 2022: Nichirin-Flex U.S.A Hit in Ransomware Attack
Japanese automotive hose maker Nichirin Co. said a U.S. subsidiary suffered a ransomware attack June 14 forcing it shut down its computerized production controls.
The U.S. unit, Nichirin-Flex U.S.A, which supplies hoses to Japanese carmakers, switched to manual production and shipping in order to keep parts flowing to customers, it said in a release. The attack occurred June 14, and the company reacted as soon as it detected the unauthorized access on its network and moved operations into manual mode.
March 10, 2022: Auto Parts Supplier Suffers Ransomware Attack
Global automotive parts supplier Denso suffered a ransomware attack last week, company officials said.
The ransomware attack group was Pandora. Japan-based Denso officials said they detected unauthorized access using ransomware at Denso Automotive Deutschland GmbH, a group company that handles sales and engineering in Germany, on Thursday (March 10).
Denso “promptly responded,” spokeswoman Izumi Saito said Sunday in a published report. Eventhough the company is still reeling from the attack, it has not had an impact on operations, Saito said.
February 28, 2022: Kojima Industries, a Toyota Supplier, Suffers Cyberattack
Toyota will shut down production in Japan Tuesday because one of its domestic suppliers suffered a cyberattack, company officials said Monday.
Kojima Industries is the supplier hit in the attack and it provides plastic and other parts to Toyota.
The company will suspend 28 lines at 14 plants. Toyota subsidiaries Hino Motors and Daihatsu Motor will also halt operations at some plants in Japan on Tuesday. The automakers are still determining whether they will be able to return to normal operations after Wednesday.
December 19, 2021: Global IT Firm Recovering From Ransomware Attack
Global IT services company, Inetum Group, suffered a ransomware attack December 19, impacting operations in France.
While the global company suffered the hit in France, its operations were ongoing in other parts of the world. Among the multiple sectors the company works with are energy and utilities, aerospace, automotive, and chemicals and life sciences. The company said none of the main infrastructures, communication, collaboration tools or delivery operations for its clients ended up affected.
September 20, 2021: Automotive Group Hit in Ransomware Attack
A U.S.-based automotive group of dealerships fell victim to a new ransomware attack group threatening to drop 200 GB of exfiltrated data unless the group pays $400,000.
The attack is a variant of ransomware called Colossus that affects machines running Microsoft Windows operating systems, according to a report by the ZeroFox Threat Intelligence team. The sample has features including binary packing via Themida and sandbox evasion capabilities. The ransomware has a support website for setting up communications with victims, which most likely launched September 20.
June 11, 2021: VW, Audi Hit In Cyber Attack
Volkswagen and Audi, VW’s luxury brand, suffered a a data breach that exposed contact information and, in some cases, personal details, like driver license numbers, of customers in the United States and Canada.
April 1, 2017: AW North Carolina Hit in Ransomware Attack
August 2016 at the Durham, NC-based 2,200-worker transmission factory, AW North Carolina, a computer virus flowed through the plant’s network like a raging river, flooding machines with data and stopping production for about four hours, said John Peterson, the plant’s information technology manager. Add the cost of downtime at $270,000 an hour that adds up to $1.08 million for a four-hour shut down.
Data on some laptops was lost, but the malicious ransomware ended up blocked by a firewall when it tried to exit the plant’s network and put the hackers’ lock on the plant’s computer network.
The plant was hit again in April 2017, this time different bad guys used an alternative type of ransomware, Peterson said. Learning from the previous attack, the attack ended up contained before affecting production. No ransom was paid to either group, he said.