Shimano Was the Victim of a Ransomware Attack and Didn’t Pay the Ransom. Hackers Then Published a LOT of Data.
Shimano, one of the world’s leading cycling component manufacturers, came under fire from hackers at the beginning of the month, when the company was the victim of a ransomware attack involving 4.5 terabytes of sensitive company data.
Who perpetrated the ransomware attack?
According to Cycling News, “The attacker, LockBit, is a cybercrime group that uses malware to breach sensitive company data and then attempts to extort money in exchange for avoiding its public release.
“Cyber-crime protection company Flashpoint describes it as the world's ‘most active’ ransomware group, saying it is responsible for 27.93 percent of all known ransomware attacks.”
What kind of data was leaked?
Escape Collective first reported earlier this month that the hackers threatened to publish 4.5 TB of confidential data unless Shimano paid an unspecified ransom. This data, according to a notification published by the hackers on the LockBit website, included:
Confidential employee details – including social security numbers, residential addresses, and passport scans
Financial documents – including balance sheets, budget, bank statements, cash flow and tax details
Client database – including contact details, reports, minutes from meetings, factory inspection results, incident reports, and legal documents
Confidential diagrams and drawings, laboratory tests, NDAs, contracts, and development materials.
They put a deadline on the ransom for November 5, 2023. And when demands were not met, the notice on LockBit’s website changed, stating that “all available data [had been] published”. But there was no corresponding download link to access the data.
Until recently. Escape Collective updated their report late last week saying that when contacted, “a cyber-security firm active in the space suggested that the delay in publication could indicate Shimano was in negotiations. Multiple attempts to contact LockBit itself via Sonar, a web messenger in the Tor darknet browser, went unanswered.”
But at least some of the data has indeed been published. Escape Collective reported that made public were, “multiple folders with subfolders upon subfolders nestled within them. Some documents are in English, some in Mandarin, some in Bahasa Indonesia, covering a broad range of information of varying confidentiality, across both Shimano’s fishing and cycling departments.”
It’s yet unclear what the ransom was. According to Cycling News, when Shimano was contacted a spokesperson said, “This is an internal matter at Shimano, which is being investigated, however we cannot comment on anything at this time.”
It seems clear that Shimano did not pay a ransom, and thus sensitive information was leaked. But that doesn’t make this ordeal complete. Included in the ransom note that Shimano received, the hackers noted that this might not be a one-time incident. “If you do not pay the ransom, we will attack your company again in the future.”
You Might Also Like
