Hyundai Motor Europe, the European division of the South Korean automaker, confirmed it suffered a ransomware attack earlier this year.
In early January, news broke of a cyber incident within the company, but Hyundai quickly dismissed the conversation, claiming to have simply experienced “IT issues.”
However, beepcomputer discovered new evidence pointing to a data theft incident, after which Hyundai came clean and confessed.
great threat
“Hyundai Motor Europe is investigating a case in which an unauthorized third party has accessed a limited part of Hyundai Motor Europe's network,” Hyundai Motor Europe said in a statement.
“Our investigations are ongoing and we are working closely with third-party legal and cybersecurity experts. The relevant local authorities have also been notified. Trust and security are fundamental to our business, and our priority is the protection of our customers, employees , investors and partners.”
No further details have yet emerged from the company, including who carried out the attack, what type of information was stolen (customer data, employee data, partner data or something else entirely), whether there were any ransom demands and what they were. So far, we have reports from BleepingComputer claiming that it was the Black Basta ransomware threat actor that orchestrated the attack and that approximately 3 terabytes of data were taken.
The publication claims to have seen lists of folders possibly stolen from different Windows domains, including those of KIA Europe. The folder names suggest that the data belonged to legal, sales, human resources, accounting, IT and management departments.
Black Basta first appeared in April 2022 and has since grown to become one of the largest and most dangerous ransomware operators out there.
Late last year, a Sophos report indicated that several ransomware operators, including Black Basta, began intentionally using remote encryption, a super destructive ransomware attack method. The company's CryptoGuard anti-ransomware technology detected a 62% year-over-year increase in intentional remote encryption attacks.