The hacker group claims it stole 2TB of data from the semiconductor giant and used LV ransomware, which appears to be a repurposed form of REvil malware.
Semiconductor manufacturer Semikron has been hit with a ransomware attack that partially encrypted its network, the company said.
Semikron said the attack came from a “professional hacking group” which partially encrypted IT systems and files. The company is currently investigating and cleaning up its network in response, according to a statement on 1 August.
The hacker group also claims to have stolen data from Semikron. This claim is being investigated by the semiconductor giant, which said it will inform affected customers and “contractual partners” when more information is available.
Semikron has 24 branches with eight production sites across Germany, Brazil, China, France, India, Italy, Slovakia, and the US. The manufacturing giant says 35pc of the wind turbines installed annually are operated with its technology.
Repurposed REvil ransomware
Semikron has not confirmed if any data was stolen by the hackers. However, an alert was issued by the German Federal Office for Information Security that the company is being blackmailed with threats to leak stolen data, according to BleepingComputer.
A ransom note deployed on one of Semikron’s systems that was seen by BleepingComputer suggests the attackers stole 2TB of data and used LV ransomware in the attack.
Research from cybersecurity firm Secureworks suggests this ransomware is a repurposed version of the malware used by REvil.
This ransomware-as-a-service cybergang is likely responsible for a major cyberattack on the US last year that affected more than 1,000 businesses and organisations.
Secureworks said in a report that the LV ransomware is being used by a threat group known as Gold Southfield. The cybersecurity company said the original REvil source code could have been bought or stolen by this ransomware group.
Commenting on the attack, Sam Linford, a vice-president at cybersecurity company Deep Instinct, said cyberattackers put decision makers under “extreme pressure” to make them pay ransoms in order to decrypt their systems and stop data leaks.
“Unfortunately, this method is working,” Linford said. “Our research has shown that businesses paid an average of £3m in ransomware demands, and if threat actors know that this method is working, they will continue to use it.”
Linford said too many organisations are taking a reactive approach when dealing with the threat of ransomware attacks.
“Organisations should be implementing a prevention-first mindset to stop ransomware attacks before they breach the network,” Linford said. “It is time we take a stand against cyber criminals and show that we have had enough.”
Ransomware gangs continue to target important manufacturers and critical infrastructure companies in Europe.
Creos, a natural gas and electricity network operator in Luxembourg, said it suffered a ransomware attack toward the end of July, during which a “certain amount of data” of Creos and its parent company Encevo was exfiltrated.
Ransomware gang BlackCat has claimed responsibility for the attack. Researchers believe this gang includes members of the group responsible for the Colonial Pipeline cyberattack that occurred last year, TechMonitor reported.