Ransomware shuts down a 100-year-old car parts manufacturer; more than 4,000 jobs lost

A new ransomware incident has severely affected a major automotive company. Gedia Automotive Group, a German car parts manufacturer with nearly 5,000 employees in seven different countries, has confirmed a ransomware attack that forced it to shut down all of its IT systems; the company’s employees were sent home until further notice, as reported by ethical hacking specialists.

The firm is based in the German city of Attendorn and is more than 100 years old. In a statement, Gedia’s board reported that it will take its IT department a few weeks (or months, at worst) to restore the operation of its entire infrastructure.

“At the beginning of this week, a massive cyberattack took place at Gedia’s headquarters in Attendorn. After detecting the incident, an internal investigation began, after which the immediate shutdown of the systems was determined as a security measure,” the company’s statement says.

Although many details about the incident are still unknown, Gedia mentions on its website that the group of threat actors responsible for this attack is also behind the ransomware incident that recently affected the systems of the currency exchange firm Travelex. According to experts in ethical hacking, this hacker group reportedly claimed responsibility for the attack on a dark web forum.

The company’s claim appears to be backed by a security firm that has tracked recent attacks using the Sodinokibi ransomware variant, also known as REvil. Operators of these attacks have threatened to publicly disclose the company’s sensitive data.

The hackers’ announcement, allegedly posted on a clandestine hacking forum, threatens to post more than 50 GB of confidential information, including blueprints of future projects and confidential employee and customer information. The ransom amount that the hackers are demanding from Gedia is still unknown.

In response to the incident, the company implemented an emergency plan to keep critical operations online. In addition, Gedia’s executives hired an ethical hacking firm for the incident recovery process. Apparently, the attack originated in an Eastern European country.

Specialists predict that it will be difficult to identify the threat actor behind this attack, as there are currently at least 40 groups of cybercriminals using the Sodinokibi ransomware, and the attack methods employed by these criminal cells are very similar.

Experts in ethical hacking from the International Institute of Cyber Security (IICS) mention that the main causes of ransomware attacks include the use of weak or preset passwords, security implementation errors and a lack of up-to-date internal resource management policies.