Continental

The LockBit ransomware gang has claimed responsibility for a cyberattack against the German multinational automotive group Continental.

LockBit also allegedly stole some data from Continental's systems, and they are threatening to publish it on their data leak site if the company doesn't give in to their demands within the next 22 hours.

The gang has yet to make any details available regarding what data it exfiltrated from Continental's network or when the breach occurred.

Ransomware gangs commonly publish data on their leak sites as a tactic to scare their victims into negotiating a deal or into returning to the negotiation table.

Since LockBit says that it will publish "all available" data, this indicates that Continental is yet to negotiate with the ransomware operation or it has already refused to comply with the demands.

Continental entry on Lockbit's data leak site
Continental entry on Lockbit's data leak site (BleepingComputer)

​Breached in an August cyberattack

Continental's VP of Communications & Marketing, Kathryn Blackwell, didn't confirm LockBit's claims and would not share any details regarding the attack when BleepingComputer reached out but, instead, linked to a press release from August 24 regarding a cyberattack that led to a breach of Continental's systems.

"Please see the statement we have issued on this topic. Unfortunately, I cannot provide you with any further details," Blackwell told BleepingComputer.

According to the press release, the company detected a security breach in early August after attackers infiltrated parts of its IT systems.

"Immediately after the attack was discovered, Continental took all necessary defensive measures to restore the full integrity of its IT systems," Continental said.

"With the support of external cybersecurity experts, the company is conducting an investigation into the incident. The investigation is ongoing."

The automotive multinational is yet to share its findings. Blackwell also refused to link the August cyberattack to LockBit's claims and told BleepingComputer that she "cannot provide any further detail at this time."

Continental reported sales of €33.8 billion in 2021, and it employs more than 190,000 people across 58 countries and markets.

The LockBit ransomware gang

LockBit ransomware first surfaced in September 2019 as a ransomware-as-a-service (RaaS) operation. It relaunched as the LockBit 2.0 RaaS in June 2021 after ransomware groups were banned on cybercrime forums [1, 2].

In February, the FBI released a flash alert containing LockBit indicators of compromise and asking organizations breached by the gang to report any incidents urgently.

Several months later, in June, LockBit released 'LockBit 3.0' and introduced Zcash cryptocurrency payment options, new extortion tactics, as well as the first ransomware bug bounty program.

Earlier this year, LockBit also claimed ransomware attacks on the Italian Internal Revenue Service and digital security giant Entrust. In 2021, Fortune 500 company Accenture also confirmed it was breached after the gang asked for a $50 million ransom not to leak data stolen from its network.

However, LockBit's claims that they breached Mandiant were dismissed by the cybersecurity company and proved to be nothing more than an attempt to distance itself from the Evil Corp cybercrime gang following a Mandiant report linking the two.

Related Articles:

New ScreenConnect RCE flaw exploited in ransomware attacks

LockBit ransomware affiliate gets four years in jail, to pay $860k

The Week in Ransomware - March 1st 2024 - Healthcare under siege

LockBit ransomware returns to attacks with new encryptors, servers

LockBit ransomware returns, restores servers after police disruption