Gedia Automotive Group has been hit by ransomware deployed by the Sodinokibi hackers, knocking its IT operations offline. The attack on the headquarters in Attendorn forced the Group to halt operations in seven countries: Poland, Spain, China, India, the USA, Mexico and Hungary.
According to reports, the Sodinokibi hackers have threatened the firm, as they do all their victims: pay a ransom or have its sensitive information released to the public. The Sodinokibi gang has been very active recently, including an attack on Travelex, a foreign currency exchange.
How the Group was compromised has not been stated, but according to the report the attack came suddenly, and to prevent a complete infrastructure failure the company shut down its systems, which in turn affected its operations in the other countries. The impact is severe: almost all of its 4,300 employees have been sent home, and a large part of the company is unable to carry out even an emergency plan for maintaining production, material supply and the processing of customer deliveries.
Image Source: www.threatpost.com
According to the report, the Gedia Automotive Group hired an external security expert to assess the situation, produce a clear overview of the damage and propose a remediation. The analysis reportedly suggested that the attack was launched by hackers in Eastern Europe.
The damage looks severe: the Gedia Automotive Group admitted that it will take weeks to months to restore all of its business processes completely. There was no statement on whether the firm had backups of its data. However, the Sodinokibi hackers now pressure victims to pay whether they have a backup or not, by threatening to publish the data they stole before encrypting it.
The Sodinokibi hackers claimed responsibility in a post on a Russian-language hacker and malware forum, stating that all the computers on Gedia's network had been encrypted. According to the post, they stole about 50GB of data, including drawings and employee and customer data, and have prepared it for sale on a data exchange. "What they don't buy, we will post it for free. 7 days before publication", they said.
The Sodinokibi hackers are known to follow through and publish stolen data when the ransom is not paid. They recently shared a link to about 337MB of stolen files said to belong to Artech Information Systems and, as with the Gedia threat, stated that the Artech data would be sold on a data exchange platform.
They probably run Sense of Security's open-source ADRecon tool against each victim's Active Directory environment to map the domain before deploying the ransomware. The Sodinokibi hackers follow a similar strategy to most ransomware gangs, focusing on bigger companies that have the ability to meet their ransom demands.
Image Source: www.bleepingcomputer.com
It is unfortunate that many of these companies do not invest in cybersecurity and end up losing a great deal: money, reputation, uptime and data.
Ransomware gangs earlier followed a strategy of encrypting files without exfiltrating data. However, some companies have taken backups seriously, so their encrypted data can be restored and they are not forced to meet the ransom demand. For this reason, hacker groups including the Sodinokibi hackers have learned to exfiltrate data before encrypting files, so that they can blackmail the affected company with the stolen data even when it has a backup. They release the stolen data piece by piece in an attempt to force the company to pay the stated ransom.
According to BleepingComputer, this tactic was started by the Maze ransomware operators. It was then adopted by the Sodinokibi hackers, and later by the BitPyLock and Nemty ransomware.
The impact of a ransomware attack can be minimised first and foremost by taking cybersecurity seriously: being careful with emails from untrusted sources, not clicking suspected malicious links and not downloading suspicious attachments. Following these basic guidelines is the best prevention. Backups remain essential for recovery, but as noted above they no longer remove the attacker's leverage once the data has already been stolen.
Many companies were hit by ransomware in the previous year, with attacks intensifying in recent months. Experts have advised affected companies not to pay any ransom, however they are threatened with their stolen data. It is said that many hackers do not provide working decryption keys after a ransom is paid, nor do they delete the stolen files once the ransom demand is met.
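Because the gang's leverage now depends on first moving tens of gigabytes out of the network, the exfiltration stage is something defenders can watch for. The following is an added example, not code from the article or from any tool it mentions: a small baseline check over flow records that flags hosts sending bulk data to external addresses and external destinations receiving bulk data from several internal hosts (a single staging point). The flow records, host names, IP addresses and thresholds are all constructed assumptions for illustration.

```python
"""
Added example: detecting bulk egress of the kind that precedes a
double-extortion ransomware deployment. Not from the article.
Flow records, hostnames, addresses and thresholds below are constructed.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample flow records: (source host, destination IP, bytes sent).
# In practice these come from NetFlow/IPFIX, proxy or firewall logs.
SAMPLE_FLOWS = [
    ("ws-eng-07", "10.0.5.20", 4_000_000),           # internal file server
    ("ws-eng-07", "203.0.113.44", 12_000_000_000),   # 12 GB to one external host
    ("ws-eng-07", "203.0.113.44", 9_500_000_000),    # another 9.5 GB, same host
    ("ws-hr-02", "198.51.100.9", 150_000_000),       # 150 MB, ordinary usage
    ("ws-hr-02", "10.0.5.20", 800_000_000),          # internal, ignored
    ("srv-cad-01", "203.0.113.44", 30_000_000_000),  # 30 GB to the same staging host
]

# RFC 1918 ranges; traffic to these is treated as internal and ignored.
INTERNAL_NETS = [
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
]


def is_internal(ip: str) -> bool:
    """True if the destination address falls inside an internal range."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def external_egress_by_host(flows):
    """Sum bytes sent to external destinations, per source host."""
    totals = defaultdict(int)
    for host, dst, nbytes in flows:
        if not is_internal(dst):
            totals[host] += nbytes
    return dict(totals)


def flag_bulk_egress(flows, host_threshold=5 * 1024**3,
                     per_host_dst_min=1024**3, shared_dst_min_hosts=2):
    """
    Return a list of alerts:
      ("bulk_egress_host", host, total_bytes) for any host sending more than
        host_threshold bytes to external destinations in the window, and
      ("shared_staging_destination", dst, hosts) for any external destination
        that received at least per_host_dst_min bytes from shared_dst_min_hosts
        or more distinct internal hosts.
    The thresholds are assumptions chosen for this example; tune them against
    your own egress baseline.
    """
    alerts = []

    for host, total in sorted(external_egress_by_host(flows).items()):
        if total > host_threshold:
            alerts.append(("bulk_egress_host", host, total))

    # Per (host, destination) totals, external destinations only.
    pair_totals = defaultdict(int)
    for host, dst, nbytes in flows:
        if not is_internal(dst):
            pair_totals[(host, dst)] += nbytes

    senders = defaultdict(set)
    for (host, dst), total in pair_totals.items():
        if total >= per_host_dst_min:
            senders[dst].add(host)

    for dst, hosts in sorted(senders.items()):
        if len(hosts) >= shared_dst_min_hosts:
            alerts.append(("shared_staging_destination", dst, tuple(sorted(hosts))))

    return alerts


if __name__ == "__main__":
    for alert in flag_bulk_egress(SAMPLE_FLOWS):
        print(alert)
```

A check like this only works if the baseline is measured per host and per window rather than as one site-wide number; a CAD file server legitimately pushes far more than an HR workstation, so the thresholds would normally come from each host's own history rather than the fixed values used here.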
Source: SC MAGAZINE UK
Disclaimer: Darkweblink.com does not promote or endorse claims that have been made by any parties in this article. The information provided here is for general purposes only and is not intended to promote or support the purchase and/or sale of any products and services, or to serve as a recommendation to become involved in doing so. Neither Darkweblink.com nor any member is responsible, directly or indirectly, for any loss or damage caused or alleged to be caused by or in relation to the reliance on or use of any content, goods or services mentioned in this article.