Posted on February 12, 2022 at 7:31 PM
In January, Emil Frey, one of the largest car dealerships in Europe, was affected by a ransomware attack. The company only recently revealed the details of the attack conducted by Hive ransomware.
Emil Frey is based in Switzerland, and it confirmed that it was hacked after a list of victims was published by Hive ransomware on February 1.
Ransomware attack on Emil Frey
A spokesperson from the company issued a statement about this ransomware attack saying, “We have restored and restarted our commercial activity already days after the incident on January 11, 2022. The spokesperson did not reveal any additional details about this hacking attack. Moreover, they failed to mention whether any customer information had been affected during the breach.
As aforementioned, Emil Frey is one of the leading car dealers in Europe. The company has around 3000 employees, and in 2020, it managed to generate around $3.29 billion in sales. These sales came from the firm’s automobile business. Following the staggering sales, revenues and the total number of vehicles sold, Emil Frey was ranked as the top car dealership firm in Europe.
Authorities issue alert over Hive ransomware group
The Federal Bureau of Investigations (FBI) has mentioned the Hive ransomware group in the past. In August 2021, the FBI alerted this ransomware group after the organization lodged a series of attacks on healthcare organizations.
In 2021, the Hive ransomware group was associated with attacks on at least 28 healthcare organizations. One of these attacks was conducted on the Memorial Health System. The latter was affected by a major ransomware attack on August 15 that affected its operations.
The FBI issued an alert that detailed how this ransomware group conducted its attacks. The alert issued by the FBI stated that this ransomware group corrupted systems and backups. It performed this action before directing the victims to use a link that leads them to the group’s “sales department.” This department can be accessed using a TOR browser.
By following this link, a victim will also go to a live chat with the attackers behind this hack. However, the FBI notes that these attackers can be persistent in their strategies as some victims have claimed being called by them demanding ransom.
The ransomware group usually carries out its threats after a provided timeframe. The deadline usually ranges between two and six days.; some of the affected victims have negotiated with the ransomware group to extend the payment period, and the same has been granted. However, failure to pay the ransom usually leads to leaked user data.
On Wednesday, the FBI, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA), the UK National Cyber Security Center (NCSC) and the Australian Cyber Security Centre (ACSC) issued a warning about ransomware attacks. The organizations stated that the increased risk of ransomware attacks continued to threaten the cyberinfrastructure and organizations globally.
The increased risk of cybersecurity attacks has been attributed to working from home structures. With organizations transforming into remote working models, critical information has been exposed to hackers, especially in cases where organizations do not have a strong virtual private network (VPN) or cybersecurity infrastructure.
Ransomware attacks are not the only form of attack that threaten organizations globally. Other attacks have also been launched to phish and steal customer information to use later in lodging other forms of attacks.
The warning issued by the cybersecurity agencies stated, “We live at a time when every government, every business, every person must focus on the threat of ransomware and take action to mitigate the risk of becoming the victim. Reducing risk to ransomware is core to CISA’s mission as the nation’s cyber defense agency, and while we have taken strides over the past year to increase awareness of the threat, we know there is more work to be done to build collective resilience.”
The threat of ransomware attacks has grown even bigger as hackers have been evolving and launching new strategies to attack users. By using advanced hacking techniques, some of these attackers can bypass the cybersecurity structures that have been adopted by some companies.
Moreover, ransomware groups have also become more efficient as some have launched call centres that can be used by hackers to guide victims on how they can make ransomware payments. Recently, ransomware attacks have evolved and transitioned into cloud infrastructure. Such attacks can affect large organizations and many individuals.