Windows RansomExx Ransomware Hits An Australian Automotive Firm, Inchcape


An Australia-based automotive services provider named Inchcape had been hit by ransomware identified as Windows RansomExx.

The cybercriminals who have compromised the firm stole some data from the company’s database and leaked them on the dark web. The company rears around 1500 employees in Australia. 

Inchcape is headquartered in London and is a part of a group. The company’s website mentions the group to be “the largest independent international automotive retailer in the world having operations in nearly 30 countries”.

“Our core markets include Belgium, Greece, Hong Kong, Singapore, Australia, Russia and the UK and we are currently expanding operations in the Balkans, the Baltics, China and South America,” the website says.

“In addition to growing our core businesses, we are developing scale operations in new and emerging regions.” The group had revenue of £9.4 billion (A$16.61 billion) in 2019.

The data or the documents under the RansomExx ransomware hit have been leaked in four lots that are directly related to the administration, client information and customer fulfilment. 

It proved to be challenging to grab a comment from the company as it had no mentioned email address dedicated for media communications on its website. Thus, an email had been sent on the general email id specified on the website, but unfortunately, it bounced back. The incident happened at 8:50 am.

Following this, the company was contacted over phone and the receptionist furnished with an alternate email address. Another email was sent to the alternative address at 9:25 am. 

The email failed to get delivered this time as well. Both the mails had been sent from the same email id that had been in use for over 20 years to correspond with the global companies. Microsoft Exchange was used to handle the emails sent to Inchcape. 

Image: Auto Retail Network

Another phone call to the company had been done when the receptionist had promised to pass on mobile contact details to the company’s IT manager. But this attempt was also wasted. 

Around noon, a third phone call had been attempted to the company where the receptionist was unable to find anyone who could speak to. After this, a third email had been shot from a Gmail address that was not used for any other purpose except the Android smartphones. Someone from the company then reverted and promised to respond. 

The Inchcape spokesperson said: “Inchcape Australia and its component companies (AutoNexus, Peugeot Citroen, Subaru and Trivett Retail) recently experienced an IT system outage, the cause of which continues to be investigated.”

“This impacted a variety of IT systems, necessitating the use of alternative channels for a period, to communicate with customers and suppliers.”

“While the majority of systems are now restored, work continues to restore some functions fully.”

“Investigations continue to identify the cause of the outage, and if any data is identified as being compromised, Inchcape will notify the relevant parties and work with them to ensure the integrity of their material.”

“We continue to work closely with customers and suppliers to minimize the impact.”

Brett Callow, a senior ransomware researcher with the New Zealand-headquartered security outfit Emsisoft for a comment on the ransomware incident stated:

“RansomExx’s victims include TxDOT and Tyler Technologies. Unusually, after penetrating a network, the operators of RansomExx – which is also known as Defray777 – will deploy both Windows and Linux versions of the ransomware in order to maximize damage.”

“Like multiple other groups, they also exfiltrate data and use the threat of releasing it as additional leverage to extort payment.”

Source: IT Wire

Disclaimer: Read the complete disclaimer here.


Please enter your comment!
Please enter your name here