The notorious RansomHub ransomware group has recently leaked 487 gigabytes of data, allegedly stolen from Kawasaki Motors Europe (KME). This cyberattack was publicly revealed by Kawasaki last week, although the company has emphasized that the attack did not fully achieve its objectives.
Kawasaki's Immediate Response
In response to the breach, Kawasaki Motors Europe took swift action by temporarily isolating its servers and initiating a comprehensive "cleansing process" to identify and address potential infections. Despite these recovery efforts, RansomHub proceeded with the data release. On September 5, 2024, the group made the stolen information available on the dark web, utilizing its designated leak sites.
Details of the Leaked Data
The exposed files include critical business documents such as financial records, banking information, dealership details, and internal communications. The data leak features directories with titles like "Dealer Lists," "Financing Kawasaki," "COVID," and "Trading Terms," with timestamps indicating recent activity as early as September.
Kawasaki's Strategic Response to the Breach
While Kawasaki disclosed the breach to its customers, the company chose not to meet the ransom demands. Jason Soroko, Senior Fellow at Sectigo, speculated that Kawasaki prioritized restoring its systems over paying the ransom. He suggested that this decision reflects Kawasaki's commitment to managing the potential consequences of a data breach and underscores the importance of maintaining robust cybersecurity measures to avoid financial losses from ransom payments.
"Kawasaki Motors Europe’s official statement indicated a preference to handle the data loss rather than incur the financial cost of paying the ransom. The release of 487 GB of data by RansomHub implies, though does not confirm, that Kawasaki chose to forgo negotiations with the attackers, focusing instead on system restoration and data cleansing."
Lessons for Other Organizations
Soroko highlighted that Kawasaki's approach could serve as a model for other businesses. Instead of engaging with cybercriminals, companies should focus on recovery and strengthening their defenses against future attacks. He also emphasized the need for organizations, particularly in the United States, to enhance their cybersecurity infrastructure, prepare for potential incidents, and work with government authorities to manage ransomware threats effectively.
“With RansomHub's increased activity, US companies should strengthen their cybersecurity measures, develop comprehensive incident response plans, and avoid paying ransoms. Aligning with government advisories and staying informed about emerging threats can help mitigate risks and protect sensitive data,” Soroko advised.
The Growing Threat of RansomHub
RansomHub is a well-known player in the realm of cybercrime, particularly for its ransomware attacks. The group has recently gained notoriety for other major breaches, including a recent attack on Planned Parenthood, where they stole 93 gigabytes of sensitive data. This trend of heightened activity underscores the escalating threat posed by ransomware groups, which frequently target high-profile organizations across various sectors.
