German automotive parts manufacturer Gedia Automotive Group became the latest victim of the global scourge of ransomware infections after a hacker group used the Sodinokibi ransomware to gain control over the company's entire IT infrastructure.
The destructive Sodinokibi ransomware attack was announced by the hacker group in a couple of Russian-speaking underground forums and also by Gedia Automotive Group in a statement posted on its website.
The company announced on Monday that the ransomware attack was detected earlier this week and forced it to shut down its entire IT infrastructure to prevent a complete breakdown as all of its factories are connected to the infrastructure.
Gedia supplies lightweight automotive parts and chassis components to around fifteen global automakers and employs more than 4,300 people in offices located in Germany, the United States, Spain, India, Poland, and Hungary.
"A massive cyber attack was carried out on the headquarters of the Gedia Automotive Group in Attendorn at the beginning of this week. After discovery and investigation, an immediate system shutdown was decided by the management. This action was taken to prevent a complete breakdown of the IT infrastructure," the company said.
"The shutdown has far-reaching consequences for the entire GEDIA Group because all locations are connected to the central IT structure. An emergency plan ensures production, material supply and the processing of customer deliveries. The critical systems are running. External security experts support the analysis and repair of the damage.
"According to initial analyzes, it is an attack by cybercriminals from Eastern Europe. Since large parts of the administration are not able to work due to the shutdown, almost the entire administration employees in Attendorn are initially at home within a flexible rule. After planning, functions will be put back into operation as necessary. From today's perspective, it will take weeks to months until full functional processes are completely restored," GEDIA added.
Sodinokibi ransomware let hackers steal 50GB of blueprints and employee & client data
The hacker group responsible for the Sodinokibi ransomware attack on Gedia Automotive Group's IT infrastructure posted its exploits in Russian-speaking underground forums, stating that it had obtained 50GB of data from the automotive parts maker that included "blueprints, employees’ and clients’ details."
The group added that Gedia had been asked to pay ransom within seven days to recover control over its files, failing which all the stolen files would be uploaded to a data exchange platform.
Commenting on the Sodinokibi ransomware attack targeting Gedia's IT network, Stuart Sharp, VP of solution engineering at OneLogin, said that the best defence against ransomware is a robust Business Continuity Plan which includes regular backups, version control and thorough testing of disaster recovery procedures.
"Companies that leverage cloud-based storage and automatic syncing from end point devices will be well-placed to recover from such attacks, but should practice the recovery procedure to minimise downtime if an attack does occur," he added.
Peter Draper, technical director EMEA at Gurucul, said that companies can avoid falling victim to malware or ransomware infections by following a few best practices such as:
1) Ensure good and regular backups are available to be able to recover quickly.
2) Utilise good endpoint protection
3) User awareness of phishing attacks and how to identify them
4) Ensure as much visibility of their infrastructure and users behaviour as possible to allow issues to be identified.
Source: Computer Weekly