BreachExchange mailing list archives
A Volkswagen Dealership Has Been Hit by “Conti” Ransomware
From: Destry Winant <destry () riskbasedsecurity com>
Date: Fri, 28 Aug 2020 09:36:43 -0500
https://www.technadu.com/volkswagen-group-hit-conti-ransomware/184319/

The Conti ransomware group is showing its teeth right away, by compromising a Volkswagen dealership. The actors targeted a franchise in Salzkotten, so the entity and the incident fall under the GDPR. The leaked details include invoices that reveal the customer names, addresses, and products bought.

According to multiple sources, including French media and Cyble, a German dealership belonging to the Volkswagen Group has fallen victim to the “Conti” ransomware group. The actors stole data in the process and are now publishing them on their dedicated leaks portal.

The data includes thousands of invoices that come from workshop service and the sales of spare parts. In total, there are 8,325 invoices in PDF form, exposing details that could be used in scamming or phishing attacks against the clients. Also, these invoices could help BEC actors targeting VW.

Volkswagen is a German car manufacturer which also happens to be among the most successful in the world based in sales numbers. They sell over 10 million cars every year, and they were the highest-selling marque in the world between 2016 and 2017, surpassing other giants in the field like Toyota, Ford, General Motors, and Hyundai.

This event places the firm in GDPR trouble, as the leaked invoices contain client names, postal addresses, the products they purchased, etc. Having to cover the payment of GDPR fines couldn’t come at a worse time, as all automakers are going through a rough period of dramatic sales drop.

Of course, Conti doesn’t care about the timing or the 304,000 people employed by Volkswagen. They want a piece of that massive $282.9 billion yearly revenue, and they have probably been extorting the company for a while now. However, having published even a small sample of the stolen documents means they burnt the GDPR card, as the Germans will now have to go through investigations by the data protection authorities anyway.
Conti is the Ryuk group’s successor, and they operate as a private “ransomware as a service” (RaaS). They only recently launched a leak site and flooded it with data from previously undisclosed ransomware infections. According to the researcher Vitali Kremez, Conti has been mostly joined by experienced and capable hackers who were promised a generous cut from the ransomware payment. Thus, we see a spike in the Conti infections, and the compromise of VW Group’s systems is just an indicative example of what’s about to come.

The Volkswagen Group hasn’t made any announcements on the incident. Still, according to Cyble, the part of the firm that has been targeted and compromised is a franchise in Salzkotten, Germany. Thus, the leak comes from authorized workshops in that area. If you live there and you’ve taken your car for a service at a VW service point, you’d better start taking precautions against scammers and phishing actors.

We have received the following statement from a representative of the VW Group in relation to the above story:

“A dealership in Germany has reported a hacker attack on its data. There was no unauthorized attempt to access Volkswagen’s own IT systems. The dealership concerned has already taken extensive measures to secure its systems. Volkswagen offered the dealership support with the investigation and analysis.”