An overseas subsidiary of heavy machinery giant IHI Corp. was the victim of a ransomware attack in February and had its internal information exposed on a website operated by the attacker, according to sources.
In ransomware attacks, attackers once simply encrypted data and restored it in exchange for money, but since last year, “double blackmail” attacks, which also threaten to reveal the stolen data, have been increasing, prompting experts to advise caution.
The company attacked was IHI Charging Systems International GmbH, which produces turbochargers for automobiles in Germany.
According to IHI and other sources, a computer was infected with ransomware called Clop in February. The company’s data was encrypted, and although it was asked to pay for the data’s recovery, the company refused. The internal information was then exposed on the attacker’s website on the “dark web,” a collection of websites not accessible through a regular search.
The dark web can only be accessed using specific software and is frequently used for criminal purposes because its encryption keeps users anonymous.
The attacker’s website, called Clop Leaks, had information about IHI Charging Systems International’s data backup server and what appear to be IDs or passwords that allow free access to internal systems.
The attacker said on its website that IHI’s computer had a serious security flaw and that it had protected the data using strong encryption codes, but that the company refused to pay for the protection. The attacker also said that IHI doesn’t seem to care about the privacy of its clients or employees, and hinted that it would disclose more information if IHI did not pay.
“It’s true that we were attacked, but we refuse to comment on the details. Security measures have already been taken. We did not negotiate with the attacker,” an IHI official said.
According to Yu Arai, an executive security analyst at NTT Data Corp., ransomware attacks have so far been characterized by attackers encrypting data on infected computers, rendering it unusable, and demanding money for its restoration. Since last year, however, there has been a growing number of cases in which hackers break into systems, strip them of administrative rights, steal information, and then encrypt it.
“We would like basic measures, such as not opening suspicious emails and closing security holes [or vulnerabilities], to be undertaken frequently,” Arai said.