LockBit group claims ransomware attack on Japanese zipper maker YKK

Japanese zipper manufacturer YKK suffered a major cyber attack last week that affected the company’s U.S. operations.

Headquartered in Tokyo, the YKK Group is the world’s largest zipper manufacturer and also produces other fastening products, architectural products, plastic hardware, and industrial machinery. Previously known as "Yoshida Manufacturing Corporation" until 1994, the group has a total of 109 manufacturing facilities worldwide.

Last week, a YKK Group spokesperson said in a statement shared with Recorded Future News that soon after the company’s cybersecurity team identified a security incident, it “contained the threat before significant damage was done or sensitive information was exfiltrated”.

“The incident did not have a material impact on our operations or our ability to continue to serve our customers,” said Jessica Kennett Cork, vice president of corporate communications at YKK Corporation of America.

“There is no evidence that personal or financial information or intellectual property was compromised. We take cybersecurity seriously and thank our stakeholders for their continued trust in YKK," Cork added.

While the company did not comment on the nature of the cyber attack or how threat actors infiltrated its network, the notorious LockBit ransomware gang claimed responsibility for the cyber attack on YKK.

Security researcher Dominic Alvieri posted a screenshot on Twitter on June 2 to state that the LockBit group listed YKK on its data leak site and threatened to leak the data it allegedly stole from the company’s systems by June 16 unless YKK meets its ransom demand.

 

“The world’s largest zipper manufacturer YKK Group of Japan, has allegedly been breached by LockBit,” reads LockBit’s post.

It is not clear so far how much data the ransomware group has exfiltrated from the company or the nature of the same, however, LockBit’s claims are in contradiction to what the company said about containing the cyber attack.

The LockBit ransomware gang has been one of the most prolific ransomware groups in recent times, targeting hundreds of organisations globally. Last month, Bank Syariah Indonesia, one of Indonesia’s largest Islamic banks, suffered a significant data breach that affected its normal operations and payment systems and compromised millions of customers’ personal and financial information.

The notorious LockBit ransomware gang has claimed responsibility for the cyber attack on BSI and threatened to publish all the data stolen from the Bank Syariah Indonesia. The group also published screenshots of ransom negotiations with the bank, revealing that it demanded a ransom of $20 million and demanded the bank pay it by May 15.