Dusseldorf The Verden public prosecutor’s office is concerned with the cyber attack on the automotive supplier Continental. A spokesman for the authority said on request that she was investigating unknown persons. The central office for combating crime in information and communication technology, which prosecutes cybercrime crimes, is based in Verden near Bremen. She did not want to comment on details.
Continental had confirmed information from the Handelsblatt on Monday, according to which cybercriminals had accessed significant amounts of data from the Dax group in an attack in August. According to corporate circles, it is about 40 terabytes of data. A terabyte corresponds to approximately 6.5 million document pages. It is the first time that such a massive data theft has become known at a Dax group.
Behind the attack on the supplier is the professional group “Lockbit 3.0”, which is said to operate primarily from the Russian-speaking area. The hackers operate a business model that experts call ransomware. They use encryption software to block those affected from accessing important data and threaten to publish it if no ransom is paid.
Lockbit ransomware group courts insiders
It is unclear whether, in the case of Continental, Lockbit gained access to the company’s systems itself or whether someone who already had access helped. Lockbit is known for targeting insiders from companies, giving them access to their employers’ data, regardless of size or industry. In return, the hackers promise them a share of the ransom.
Top jobs of the day
Find the best jobs now and
be notified by email.
The group has not yet published any Conti data on its dark web presence. However, the blackmailers presented chat messages that they claim to have exchanged with Continental negotiators for weeks. Accordingly, the cybercriminals also demanded a ransom from the group. Finally, in early November, they announced that they were preparing the captured data for publication.
The news suggests that sensitive documents could also be in the hands of the blackmailers. A list of file names that Lockbit sent to the Dax group as proof of the data theft shows, among other things, an Excel file “Work Sheet Air Cleanliness_Evaluation Q2 2022 and Special Measurements”.
The list alone, with which the hackers give an overview of the stolen data, is said to be eight gigabytes in size. Continental declined to comment on the chats and other details of the attack. The company announced in August that it had “identified” a cyber attack and “then averted it,” according to a press release. At the same time, an internal investigation was launched.
Lockbit then contacted the company in September, claiming responsibility for the attack and threatening to release the stolen data. Around the same time, the Continental investigation is said to have shown that “the attackers were able to steal a part of the data despite established security precautions”. Continental refrained from issuing another official press release.
More: Ransomware group apparently captured 40 terabytes of Conti data