Security

A Volkswagen Dealership Has Been Hit by “Conti” Ransomware

By Bill Toulas / August 28, 2020
volkswagen

According to multiple sources, including French media and Cyble, a German dealership belonging to the Volkswagen Group has fallen victim to the “Conti” ransomware group. The actors stole data in the process and are now publishing them on their dedicated leaks portal. The data includes thousands of invoices that come from workshop service and the sales of spare parts.

In total, there are 8,325 invoices in PDF form, exposing details that could be used in scamming or phishing attacks against the clients. Also, these invoices could help BEC actors targeting VW.

invoice sample

Source: Cyble

Volkswagen is a German car manufacturer which also happens to be among the most successful in the world based in sales numbers. They sell over 10 million cars every year, and they were the highest-selling marque in the world between 2016 and 2017, surpassing other giants in the field like Toyota, Ford, General Motors, and Hyundai.

This event places the breached entity in GDPR trouble, as the leaked invoices contain client names, postal addresses, the products they purchased, etc. Having to cover the payment of GDPR fines couldn’t come at a worse time, as all automakers are going through a rough period of dramatic sales drop, and this, of course, includes dealerships.

Conti is the Ryuk group’s successor, and they operate as a private “ransomware as a service” (RaaS). They only recently launched a leak site and flooded it with data from previously undisclosed ransomware infections.

According to the researcher Vitali Kremez, Conti has been mostly joined by experienced and capable hackers who were promised a generous cut from the ransomware payment. Thus, we see a spike in the Conti infections, and the compromise of the VW service points' systems is just an indicative example of what’s about to come.

According to Cyble, the part of the firm that has been targeted and compromised is a franchise in Salzkotten, Germany. Thus, the leak comes from authorized workshops in that area.

If you live in the area and you’ve taken your car for a service at a local VW service point, you’d better start taking precautions against scammers and phishing actors.

We have received the following statement from a representative of the VW Group in relation to the above story:

A dealership in Germany has reported a hacker attack on its data. There was no unauthorized attempt to access Volkswagen's own IT systems. The dealership concerned has already taken extensive measures to secure its systems. Volkswagen offered the dealership support with the investigation and analysis.

Also, the automaker has clarified that it is not them who will have to go through a GDPR investigation but the dealership. In Germany, VW dealerships function as independent units, and so VW is not affected in any way by this security event.

Read More:


Add a Comment
Related Posts

A U.S. Supreme Court Compromised by “Conti” Ransomware Actors


September 12, 2020

CISA and the FBI Publish Second Alert on the Conti Ransomware Group


September 23, 2021

Finolex Suffers Data Leak Following Conti Ransomware Attack


May 20, 2021

The Scottish Environment Protection Agency Was Hit by Ransomware


January 16, 2021

The Irish Health Services Received the Ransomware Decryption Key for Free


May 21, 2021

Irish Health Service Says It Will Take Weeks and Tens of Millions of Euros to Get Back Online


May 18, 2021

© TechNadu 2024. All Rights Reserved.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari