Sodinokibi ransomware attack cripples Gedia Automotive Group’s IT network

German automotive parts manufacturer Gedia Automotive Group has become the latest victim of ransomware after a criminal group used the Sodinokibi (REvil) ransomware to compromise the company’s IT infrastructure, forcing a company-wide shutdown.

The attack was disclosed both by the attackers themselves, in posts on Russian-speaking underground forums, and by Gedia Automotive Group in a statement posted on its website.

In a statement issued on Monday, the company said the attack had been detected at the start of the week and had forced it to shut down its entire IT infrastructure to prevent a complete breakdown, since all of its factories are connected to that infrastructure.

Gedia supplies lightweight automotive parts and chassis components to around fifteen global automakers and employs more than 4,300 people in offices located in Germany, the United States, Spain, India, Poland, and Hungary.

“A massive cyber attack was carried out on the headquarters of the Gedia Automotive Group in Attendorn at the beginning of this week. After discovery and investigation, an immediate system shutdown was decided by the management. This action was taken to prevent a complete breakdown of the IT infrastructure,” the company said.

“The shutdown has far-reaching consequences for the entire GEDIA Group because all locations are connected to the central IT structure. An emergency plan ensures production, material supply and the processing of customer deliveries. The critical systems are running. External security experts support the analysis and repair of the damage.

“According to initial analyses, it is an attack by cybercriminals from Eastern Europe. Since large parts of the administration are not able to work due to the shutdown, almost all of the administrative employees in Attendorn are initially at home under a flexible arrangement. After planning, functions will be put back into operation as necessary. From today’s perspective, it will take weeks to months until full functional processes are completely restored,” GEDIA added.

Sodinokibi operators claim to have stolen 50GB of blueprints and employee and client data

The group behind the Sodinokibi attack on Gedia’s IT infrastructure boasted of the intrusion in Russian-speaking underground forums, stating that it had obtained 50GB of data from the automotive parts maker, including “blueprints, employees’ and clients’ details.”

The group added that Gedia had been given seven days to pay a ransom to regain access to its files, failing which all of the stolen files would be uploaded to a data exchange platform. This double-extortion tactic, encrypting systems and threatening to leak exfiltrated data, means that restoring from backups alone does not remove the attackers’ leverage.

Commenting on the Sodinokibi ransomware attack targeting Gedia’s IT network, Stuart Sharp, VP of solution engineering at OneLogin, said that the best defence against ransomware is a robust Business Continuity Plan which includes regular backups, version control and thorough testing of disaster recovery procedures.

“Companies that leverage cloud-based storage and automatic syncing from end point devices will be well-placed to recover from such attacks, but should practice the recovery procedure to minimise downtime if an attack does occur,” he added.

Peter Draper, technical director EMEA at Gurucul, said that companies can avoid falling victim to malware or ransomware infections by following a few best practices such as:

1) Ensure good and regular backups are available to be able to recover quickly.
2) Utilise good endpoint protection.
3) Raise user awareness of phishing attacks and how to identify them.
4) Ensure as much visibility of their infrastructure and users’ behaviour as possible to allow issues to be identified.
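Both commentators above stress that backups only help if the recovery procedure is actually exercised. The script below is an added illustration of that advice, not code from the article or from Gedia, OneLogin or Gurucul: it records a SHA-256 manifest at backup time, then checks a test restore against it and flags restored files whose content no longer matches and looks like ciphertext, which is what a backup set reached by ransomware looks like. All file names are a constructed fixture, and the 7.5 bits/byte entropy cut-off is an assumed heuristic.

```python
# Backup restore-verification check (added example; fixture paths are constructed,
# the entropy threshold is an assumed heuristic).
import hashlib
import math
import os
import shutil
import tempfile
from collections import Counter

# Ciphertext and compressed data have near-uniform byte distributions, so their
# Shannon entropy sits close to 8 bits/byte; text, CSV and most CAD files sit
# well below. 7.5 is an assumed cut-off; tune it for your own data.
ENTROPY_THRESHOLD = 7.5


def sha256_file(path: str) -> str:
    """Stream a file through SHA-256 so large backups need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_manifest(root: str) -> dict:
    """Map each file below root (POSIX-style relative path) to its SHA-256 digest.
    Record this at backup time and keep it apart from the backup itself."""
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root).replace(os.sep, "/")] = sha256_file(full)
    return manifest


def verify_restore(manifest: dict, restored_root: str) -> dict:
    """Compare a test restore against the manifest recorded at backup time.
    A hash mismatch means the restored copy is not what was backed up; if the
    mismatched content also looks like ciphertext, the backup set was probably
    reached by the ransomware and is not a safe recovery point."""
    report = {"ok": [], "missing": [], "mismatched": [], "suspected_encrypted": [], "extra": []}
    for rel, expected in manifest.items():
        full = os.path.join(restored_root, *rel.split("/"))
        if not os.path.isfile(full):
            report["missing"].append(rel)
            continue
        if sha256_file(full) == expected:
            report["ok"].append(rel)
            continue
        report["mismatched"].append(rel)
        with open(full, "rb") as f:
            sample = f.read(1 << 20)  # first MiB is enough for the heuristic
        if shannon_entropy(sample) > ENTROPY_THRESHOLD:
            report["suspected_encrypted"].append(rel)
    # Files present in the restore but absent from the manifest (ransom notes, droppers).
    report["extra"] = sorted(set(build_manifest(restored_root)) - set(manifest))
    return report


def demo() -> dict:
    """Constructed scenario: back up three files, then verify a restore in which
    one file was overwritten with ciphertext-like bytes and another was lost."""
    work = tempfile.mkdtemp(prefix="restore-test-")
    try:
        src = os.path.join(work, "source")
        os.makedirs(os.path.join(src, "blueprints"))
        with open(os.path.join(src, "blueprints", "chassis.dxf"), "w") as f:
            f.write("constructed placeholder for a CAD file\n" * 50)
        with open(os.path.join(src, "employees.csv"), "w") as f:
            f.write("id,name\n1,constructed sample\n")
        with open(os.path.join(src, "README.txt"), "w") as f:
            f.write("restore test fixture\n")
        manifest = build_manifest(src)

        restored = os.path.join(work, "restored")
        shutil.copytree(src, restored)
        # Simulate a backup set the ransomware reached: a uniform byte distribution
        # (entropy exactly 8 bits/byte, as encrypted content would show) replaces one
        # file, a second file is gone, and an unexpected file has appeared.
        with open(os.path.join(restored, "blueprints", "chassis.dxf"), "wb") as f:
            f.write(bytes(range(256)) * 16)
        os.remove(os.path.join(restored, "employees.csv"))
        with open(os.path.join(restored, "unexpected.txt"), "w") as f:
            f.write("not part of the backup\n")
        return verify_restore(manifest, restored)
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    for key, paths in demo().items():
        print(f"{key}: {paths}")
```

In a real drill the manifest would be signed and stored on media the production network cannot write to, and the restore would be run from the offline copy on an isolated host; the point of the check is that a restore which completes without error can still hand you back encrypted data.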

Source: Computer Weekly

Copyright Lyonsdown Limited 2021