LockBit Claims Ransomware Attack on Continental

Written by

The LockBit hacking group has claimed responsibility for the August cyber-attack against the multinational automotive group Continental.

The ransomware gang made the announcement on its leak site on Wednesday and is threatening to publish the company's data unless the ransom is paid over the next few hours of today (Friday).

On the dark web blog post, the group has yet to make any details available regarding what data it exfiltrated from Continental's network or when the breach itself occurred.

"Over the last year, we have seen a dramatic rise in the number of attacks caused by the LockBit ransomware group, with Continental the latest victim to have their data threatened to be published," said Raj Samani, SVP chief scientist at Rapid7.

"Our research shows that LockBit's market share in ransomware attacks per group has increased from 1% in 2020 to 4% in 2021. This will only grow if they are allowed to continue stealing sensitive data and selling it for profit," Samani told Infosecurity.

According to the executive, organizations need multiple layers of defense against ransomware attacks in order to protect themselves.

"This includes not just technologies to detect a potential intrusion or lateral movement but also implementing security controls should the threat remain undetected, such as the use of file encryption," Samani added.

While Continental did respond to a comment request from Infosecurity, it did not provide additional information beyond the August release. However, when the attack was initially discovered in August, Continental claimed to have detected the attack and averted it.

"Continental's business activities have not been affected at any point. The technology company maintains full control over its IT systems. According to current information, the IT systems of third parties have not been affected," the company wrote at the time.

Fast forward to the present day, the alleged deadline by LockBit is fast approaching, and the ransomware group's claims will likely soon be publicly proven or dismissed.

The Continental row comes days after an advisory by Microsoft linked the threat actors behind the Raspberry Robin worm with a complex and interconnected malware ecosystem comprising the Clop and LockBit ransomware groups.

What’s hot on Infosecurity Magazine?