RansomHub, a newcomer to the world of ransomware, has now targeted the Japanese firm Kawasaki. To back up its claims and avoid being dismissed as a hoax, the group has published 487 GB of the company's compromised data. The released data contains critical business documents, including financial information, banking records, dealership details, and internal communications.
The data, along with the company details, was released on the dark web. This may be due to the company's refusal to pay the ransom demanded. Generally, the ransomware group allows victims a period of up to 90 days to pay. This may also indicate that Kawasaki servers were compromised more than 90 days ago. RansomHub claims that it’s “only interested in dollars,” but its allegiance may be revealed by its other statement that it does “not allow CIS (Commonwealth of Independent States, consisting of Russia and their allies), Cuba, North Korea, and China to be targeted.”
“At the start of September, Kawasaki Motors Europe (KME) was the subject of a cyberattack which, although not successful, resulted in the company’s servers being temporarily isolated until a strategic recovery plan was initiated later on the same day,” the company said.
The KME IT department, IT staff and its branches, plus external cyber security advisors, spent the following week isolating and health-checking all servers and restoring their interconnectivity.
RansomHub is demonstrating a high level of activity in the cybercrime world. Its recent victims include healthcare and education provider Planned Parenthood, along with organizations in the government and finance sectors. The group is also credited with the creation of EDRKillShifter, a tool designed to wreak havoc on endpoint detection and response (EDR) systems.