View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 23, 2022

FBI joins investigation into Continental ransomware attack

The attack took place in the summer, and data is for sale online after the tyre and automotive parts company refused to pay the ransom.

By Claudia Glover

The FBI has joined an investigation into a ransomware attack on German tyre and car parts company Continental AG. The attack was carried out by notorious ransomware gang LockBit 3.0, with the data is now being sold online for $50m.

Automotive parts manufacturer Continental AG calls in the FBI to help in an ongoing ransomware investigation. (Photo by Karolis Kavolelis/Shutterstock)

Continental first announced it had been hit by a cyberattack in August. The company has since confirmed that significant amounts of data has been stolen, possibly including sensitive information from automotive partners Volkswagen, BMW and Mercedes. 

Continental hack: the FBI gets involved

The quantity of the stolen data has been reported to be around 40TB. Some close to the case have suggested that the encrypted information may contain minutes of supervisory board meetings, draft resolutions and presentations by Continental’s board of directors.

LockBit 3.0 has reportedly put the data up for sale for $50m on its dark web blog, after Continental refused to pay the ransom. 

The company has opened an investigation, which now apparently involves the FBI. According to the German daily newspaper Handelsblatt, it is not yet known who called in the agency to work on the case, but Continental operates several plants in the US, meaning such data may be involved in the leak. 

The FBI has been pursuing LockBit throughout its previous generations, LockBit and LockBit 2.0, and now the current LockBit 3.0, also known as LockBit Black. 

Continental’s board has come under pressure in the aftermath of the attack. Employee representatives wrote to the board last week calling for clarification of the cyber incident and an assessment of what the consequences the attack could be for staff.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

The head of Continental’s advisory board, Wolfgang Reitzle, confirmed to Handelsblatt that the board will be holding an emergency meeting to brief staff 

“Continental informed the relevant authorities of the incident and is in close contact with them, including the security authorities,” the company said in a statement following the breach. “The company is aware of its data protection obligations and – in consultation with the responsible data protection authorities – is taking the necessary steps to ensure they are completely fulfilled.”

LockBit 3.0’s high-profile victims

LockBit 3.0, has been terrorising organisations since it emerged in June. This new generation of the gang coincided with an increase in victims being published to the LockBit leak site, indicating that this year has heralded a period of intense activity for the gang, according to research published by NCC Group.

High-profile victims include the NHS, which had its 111 services knocked out by a supply chain attack over the summer, leaving employees using pen and paper. The gang also attacked the Italian tax office stealing more than 100 GB of data. The data allegedly included financial reports, contracts and other documents.

Mandiant, the cybersecurity company owned by Google which services much of the US public sector, also reportedly fell foul of the prolific ransomware gang, with 350,000 files supposedly stolen. Mandiant says it found no evidence of such a breach.

Read more: Does the UK need a cybersecurity regulator?

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.