German Semiconductor Manufacturer Semikron Hit by Ransomware Attack

essidsolutions

German semiconductor company Semikron confirmed this week that it is grappling with what seems to be a ransomware attack. The company confirmed the “partial encryption of our IT systems and files” and that the threat actors behind the attack have claimed to have exfiltrated data.

The company didn’t name the attacker, although BleepingComputer, which saw a ransom note on one of Semikron’s systems, reported that LV ransomware might be behind the attack and that the attackers have stolen two terabytes of company data.

Semikron manufactures power semiconductors, integrated circuits, power modules, etc., used in industrial automation systems, electric vehicles, renewable energy production, power supplies, and more.

The Nuremberg-based company has 3,000 employees, 24 global subsidiaries, production sites in Germany, Brazil, China, France, India, Italy, Slovakia and the U.S., and, going by the stated modus operandi of the LV ransomware group, weak consumer data protection in place.

“Here are companies which didn’t meet consumer data protection obligations,” reads LV ransomware gang’s leak site. “They rejected to fix their mistakes, they rejected to protect this data in the case when they could and had to protect it.”

Of course, LV ransomware’s attempt to play the darknet Robin Hood for customers of companies with lax data protection practices could be hogwash. After all, LV ransomware is based on one of the most prolific and feared ransomware strains, REvil/Sodinokibi.


According to researchers at SecureWorks, the LV strain is repurposed from the REvil v2.03 beta strain with a modified binary. The LV ransomware group also conducts ransomware-as-a-service (RaaS) operations and leaks exfiltrated data if the victim decides not to pay a ransom. It is unclear if the REvil gang intentionally shared their source code or if it was stolen.

Sam Linford, AVP EMEA channels at Deep Instinct, told Spiceworks, “Too many businesses accept the ‘assume breach’ mindset and take a reactive approach when dealing with ransomware. However, with attacks continuing to rise, this method is not enough. Organizations should be implementing a prevention-first mindset to stop ransomware attacks before they breach the network. It is time we take a stand against cyber criminals and show that we have had enough.”

Semikron hasn’t been listed on LV ransomware’s leak site yet. Since neither Semikron nor the LV ransomware gang has made it public, the type of stolen data remains unknown.

“Threat actors put decision-makers under extreme pressure so that they pay a ransom in order to decrypt their systems and stop the leakage of data. Unfortunately, this method is working. Our research has shown that businesses paid an average of £3 million in ransomware demands, and if threat actors know that this method is working, they will continue to use it,” added Linford.

“On top of this, there will be pressure on security teams to get systems back up and running. There will be the stress of trying to figure out where the initial breach happened and the need to secure networks urgently, as well as who has access to their data. It is an awful feeling for any security team to experience and one that should not be accepted by organizations.”

Semikron said they have apprised law enforcement and are working with external cyber security and forensic experts to investigate the incident and restore systems.
