Volvo, the Swedish carmaker, has hit the Google headlines for an alleged data leak caused by a ransomware incident. The luxury car maker is yet to disclose whether the hack is true and if the leaked information genuinely belongs to the company.
Cybersecurity Insiders learnt that the attack took place on December 31st last year and was accessed by the threat actors via a 3rd party servers and as Volvo’s staff failed or denied to pay a ransom, the stolen data was made public on a hacking forum.
Endurance Ransomware Group, first identified in November 2022, has claimed to have hacked US Government agencies from August-October 2022,
Now, the same malware distributing group is reported to be behind the Volvo cars hack.
For those uninitiated, in Dec’2021 a similar hack was reported by the company and R&D related data was put for sale on the web that includes future vehicle model details, car parts schematics, development projects details and employee data. A threat actors group dubbed ‘Snatch’ was suspected to be behind the incident.
So, the data now could be the same information either scrapped from the web or bought from the previous hack by those dealing with Endurance.
Currently, the Volvo data is being offered for $2,500 to be paid in Monero crypto-currency.
NOTE- If a victimized company doesn’t respond to the demands of the ransomware group, the threat actors sell that stolen data to interested parties for monetary benefits. Sometimes, even if the hacked victim pays the threat actors, the chances are high that they can be targeted twice or thrice in a year or till the vulnerability exploited previously is fixed.