The FBI has joined an investigation into a ransomware attack on German tyre and car parts company Continental AG. The attack was carried out by notorious ransomware gang LockBit 3.0, with the data is now being sold online for $50m.
Continental first announced it had been hit by a cyberattack in August. The company has since confirmed that significant amounts of data has been stolen, possibly including sensitive information from automotive partners Volkswagen, BMW and Mercedes.
Continental hack: the FBI gets involved
The quantity of the stolen data has been reported to be around 40TB. Some close to the case have suggested that the encrypted information may contain minutes of supervisory board meetings, draft resolutions and presentations by Continental’s board of directors.
LockBit 3.0 has reportedly put the data up for sale for $50m on its dark web blog, after Continental refused to pay the ransom.
The company has opened an investigation, which now apparently involves the FBI. According to the German daily newspaper Handelsblatt, it is not yet known who called in the agency to work on the case, but Continental operates several plants in the US, meaning such data may be involved in the leak.
The FBI has been pursuing LockBit throughout its previous generations, LockBit and LockBit 2.0, and now the current LockBit 3.0, also known as LockBit Black.
Continental’s board has come under pressure in the aftermath of the attack. Employee representatives wrote to the board last week calling for clarification of the cyber incident and an assessment of what the consequences the attack could be for staff.
The head of Continental’s advisory board, Wolfgang Reitzle, confirmed to Handelsblatt that the board will be holding an emergency meeting to brief staff
“Continental informed the relevant authorities of the incident and is in close contact with them, including the security authorities,” the company said in a statement following the breach. “The company is aware of its data protection obligations and – in consultation with the responsible data protection authorities – is taking the necessary steps to ensure they are completely fulfilled.”
LockBit 3.0’s high-profile victims
LockBit 3.0, has been terrorising organisations since it emerged in June. This new generation of the gang coincided with an increase in victims being published to the LockBit leak site, indicating that this year has heralded a period of intense activity for the gang, according to research published by NCC Group.
High-profile victims include the NHS, which had its 111 services knocked out by a supply chain attack over the summer, leaving employees using pen and paper. The gang also attacked the Italian tax office stealing more than 100 GB of data. The data allegedly included financial reports, contracts and other documents.
Mandiant, the cybersecurity company owned by Google which services much of the US public sector, also reportedly fell foul of the prolific ransomware gang, with 350,000 files supposedly stolen. Mandiant says it found no evidence of such a breach.