The manufacturer of cycling-related components Shimano had to deal with an attack ransomware by the group LockBit.
According to what was leaked, the data stolen from the company included residential addresses, telephone numbers, bank statements, financial documents, confidential documents and contracts, to name a few. Overall, it speaks well 4.5 TB of data subtracted.
The redemption deadline set by LockBit was supposed to expire on November 5, with Shimano not giving in to cybercriminals. In fact, in a statement, the cybercriminal group communicated how the data was disseminated online.
Shimano has yet to release a statement on the breach, but responding to questions from the media, the company stated how “This is an internal matter at Shimano and we cannot comment on anything at this time“.
Shimano does not appear to have any intention of paying the ransom to LockBit
LockBit is probably the largest ransomware group in the world. In May 2022 he was responsible for the 40% of all ransomware attacks register in the world.
More recently, the group launched an attack on the Boeing, claiming to have stolen a large amount of data. While the aerospace company said it was evaluating the veracity of the claim, the threat actor deleted the company from its site.
While neither side has explained why this is the case, it could outline several scenarios. For example, that ransom negotiations have been initiated or have been fruitful for hackers or other situations that are difficult to clarify.
Certainly, ransomware is now a mass phenomenon, capable of involving large companies such as Shimano and Boeing as well as small and medium-sized businesses. In this sense, acting preventively with an adequate defensive strategy is now a must for any type of company.