Hyundai Motor Europe, the European division of the South Korean automaker, confirmed earlier this year that it had suffered a ransomware attack.
In early January, news broke of a cyber incident within the company, but Hyundai quickly shot down that conversation, claiming to have only experienced “IT issues.”
However, BleepingComputer discovered new evidence pointing to a data theft incident, after which Hyundai came clean and confessed.
Major threat
“Hyundai Motor Europe is investigating a matter in which an unauthorized third party gained access to a limited portion of Hyundai Motor Europe’s network,” Hyundai Motor Europe said in a statement.
“Our investigations are ongoing and we are working closely with external cybersecurity and legal experts. The relevant local authorities have also been informed. Trust and security are fundamental to our business, and our priority is protecting our customers, employees, investors and partners.”
More details from the company are yet to emerge, including who carried out the attack, what type of information was stolen (customer data, employee data, partner data, or something completely different), whether any ransom demands were made and what they were. So far we have reports from BleepingComputer stating that it was the Black Basta ransomware threat actor that orchestrated the attack and that approximately 3 terabytes of data were captured.
The publication claims to have seen lists of folders that may have been stolen from various Windows domains, including KIA Europe’s. Folder names suggest that the data belonged to legal, sales, human resources, accounting, IT, and management departments.
Black Basta was first spotted in April 2022 and has since grown into one of the largest and most dangerous ransomware operators out there.
Late last year, a Sophos report stated that a number of ransomware operators, including Black Basta, began deliberately using remote encryption, a super-destructive method for ransomware attacks. The company’s anti-ransomware CryptoGuard technology detected a 62% increase in deliberate remote encryption attacks year-over-year.