Posted on December 12, 2021 at 9:40 AM
Swedish carmaker Volvo Cars has announced that it recently suffered a hacking incident in which unknown threat actors stole research and development information from its servers.
“Volvo Cars has become aware that one of its file repositories has been illegally accessed by a third party,” the manufacturer stated.
However, the company noted that only a limited amount of its R&D property was stolen during the attack. Additionally, Volvo admitted that the intrusion could have an impact on the company’s operations.
Volvo Says The Incident Is Under Investigation
Volvo also said it informed relevant authorities about the intrusion after discovering the hacking incident. It also noted that third-party experts have been involved in the investigation into the breach.
The carmaker stated that it immediately implemented stronger security measures to offer more protection to its server after detecting the intrusion.
However, the cyberattack didn’t have any impact on the security or safety of its customers’ cars or personal data, Volvo explained.
It added that the assertion was based only on its investigation into the incident so far and on currently available information.
According to Bleeping Computer, a ransomware group known as Snatch has already claimed responsibility for the attack. The group has already published a small portion of the documents allegedly stolen from the company on its leak site.
Cybersecurity firm Sophos confirmed that the threat group has been active since 2018, but became recognized as a serious ransomware group in 2019. At the time, they rebooted an infected computer into Safe Mode and bypassed antivirus software, eventually running a ransomware encryption process.
The Sophos MTR team stated that its investigation revealed that the ransomware sets itself up as a service that runs during a Safe Mode boot. However, the researchers believe that the Safe Mode enhancement of the ransomware is a newly added feature.
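For defenders, the Safe Mode behaviour described above can be audited, since Windows only starts a service in Safe Mode when it is listed under the `SafeBoot\Minimal` or `SafeBoot\Network` registry keys. The following is an added example, not code from Sophos or from this article: it parses `reg query ... /s` output and flags Safe Mode service entries that are missing from a known-good baseline. The sample output, the baseline and the service name `ExampleBackupSvc` are constructed for illustration, and an English-language `(Default)` value label is assumed.

```python
import re

# Constructed sample of the output of:
#   reg query HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /s
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt
    (Default)    REG_SZ    Service

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base
    (Default)    REG_SZ    Driver Group

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ExampleBackupSvc
    (Default)    REG_SZ    Service
"""

# Assumed allowlist, captured from a clean reference build (lower-case names).
BASELINE = {"appmgmt", "base"}

KEY_RE = re.compile(r"^HKEY_LOCAL_MACHINE\\.*\\SafeBoot\\(Minimal|Network)\\(.+)$", re.I)
VAL_RE = re.compile(r"^\s+\(Default\)\s+REG_SZ\s+(.+?)\s*$")


def parse_safeboot(text):
    """Return (mode, entry_name, kind) for every SafeBoot entry with a default value."""
    entries, current = [], None
    for line in text.splitlines():
        key = KEY_RE.match(line.strip())
        if key:
            current = (key.group(1), key.group(2))
            continue
        val = VAL_RE.match(line)
        if val and current:
            entries.append((current[0], current[1], val.group(1)))
            current = None
    return entries


def unexpected_services(text, baseline):
    """Flag entries of kind 'Service' that the baseline does not contain."""
    return [(mode, name) for mode, name, kind in parse_safeboot(text)
            if kind.lower() == "service" and name.lower() not in baseline]


if __name__ == "__main__":
    for mode, name in unexpected_services(SAMPLE_REG_QUERY, BASELINE):
        print(f"review: service '{name}' is allowed to start in Safe Mode ({mode})")
```

A flagged entry is a lead for review rather than proof of compromise, because legitimate software also registers Safe Mode services.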
Snatch Poses A High Severity Risk
SophosLabs also warns that the Snatch ransomware poses a high risk and that organizations should not underestimate the severity of the danger it poses to networks. The team noted that other security firms and users should be aware of the dangers posed by the ransomware.
The Snatch ransomware, according to SophosLabs, consists of a data stealer and a collection of tooling, which includes a ransomware component.
Both of them are built by the threat actors who operate the malware.
The group has also been known to buy access to victim networks and hide for several days, increasing their presence on the compromised network before launching the ransomware process on the system.
The Group Also Engages In Data Theft
In addition to encrypting victim networks, the group also became notorious as a ransomware gang that engages in data theft.
Security awareness advocate at KnowBe4, Erich Kron, noted that most ransomware is distributed by exploiting RDP instances open to the market or through phishing emails, but the latest ransomware attack on Volvo has all the markings of Snatch.
“The Snatch gang makes great use of RDP in infection and lateral movement within an organization,” he added.
Kron said that, in addition to beefing up security resources, another great way to defend against this type of malware is for organizations to train their employees. Employees should be educated on the operations and attack methods of ransomware. They should also be trained on the importance of always using complex passwords and avoiding sharing passwords with other accounts. Kron added that organizations should be wary of brute force attacks on RDP.
Since the intrusion, the threat group has already leaked 35.9MB of the allegedly stolen data from Volvo’s server.
Volvo Declines Further Comment On The Incident
It’s not clear whether the group has demanded a ransom from Volvo, which has refused to comment further on the incident.
Volvo declined to respond to messages sent to confirm whether the screenshots shared by the ransomware gang are of files stolen from its servers. The carmaker simply stated, “We cannot comment any further”.
Volvo stated that although it takes all cyber threats to its systems very seriously, it doesn’t provide details of potential cyber security threats or attacks.
The carmaker further stated that cyber security is an integral part of its operations and global development work. In addition, it is actively involved in the international work on standardization and best practices on cyber security.