Since the first official press release on August 24, 2022, the major German automotive supplier Continental has been battling the potentially serious consequences of a data theft by the notorious cybercrime and hacker group Lockbit 3.0. The usual threats such as ransom demands, encryption and blocking of the data content in question, as well as its publication on the so-called darknet are in the air. The theft involves a considerable amount of sensitive business and customer data: 30 terabytes.
On November 8, the Handelsblatt reported on the latest state of affairs. According to the report, the responsible public prosecutor's office in Verden near Bremen, together with the local central office for combating crime on the Internet, initially opened an investigation 'against persons unknown' in order to track down the perpetrators following their attempt to blackmail the Hanover-based DAX company. Details have not been published for security reasons. In particular, it is not yet clear whether the attack can be traced back to an internal data leak. In other such attacks against large industrial companies or government organizations such as authorities, Lockbit was also able to bribe insiders to gain access to protected data.
However, a long list of names of the captured files, as published in the Handelsblatt newspaper, shows that company data has been compromised to a considerable extent. Among other things, it contains documents on measurements of air cleanliness, which the hacker group claims to have presented in months of (and prominently leaked) internet chats with the negotiators at Continental. According to the company, the Lockbit group explicitly threatened to publish the stolen data in September. Continental itself insists that the "attack was averted" and that no criminal third-party encryption of the data on the company's own servers took place.
According to Continental, the investigation of the incident with the help of "external experts" is in full swing. The company has "full control of its IT systems". The systems of third parties, i.e. customers and business partners, in particular in terms of data protection law, have not been compromised according to the current state of knowledge. Further details, in particular any ransoms paid to release the stolen files, were not disclosed.
As the news magazine Der Spiegel pointed out on November 7, the criminal hacker group Lockbit 3.0 recently boasted that it had also attacked the French defense contractor Thales Group with similar demands. Der Spiegel suspects that the hacker group originated in Russian-speaking countries. Corresponding investigations are already underway at the public prosecutor's office in Cologne. According to Der Spiegel, the Californian provider of antivirus software programs Malwarebytes Inc. reported that Lockbit 3.0 carried out a total of 430 cyberattacks worldwide between March and August 2022.
