RansomHub over the weekend reportedly released 487 gigabytes of Kawasaki Motors Europe (KME) data to the public internet in a case that has U.S. security pros concerned because of RansomHub’s prolific recent activity worldwide.
The U.S. government has reported that RansomHub, which became active in February, attacked more than 210 victims by the end of August.
“Given RansomHub's increased activity, U.S. companies should bolster cybersecurity measures, prepare robust incident response plans, and avoid paying ransoms, aligning with government advisories,” said Jason Soroko, senior fellow at Sectigo. “Staying informed about such threats and collaborating with authorities can mitigate risks and protect sensitive data.”
In this case, the motorcycle manufacturer evidently opted not to pay a ransom, which led to the release of the data. At press time Monday, the exact nature of the cyberattack was not known, nor was the specific nature of the data exposed. However, RansomHub listed KME on its Tor leak site.
KME last week acknowledged in an advisory that it was the target of a cyberattack at the start of September. KME stated that the attack, although not successful, resulted in the company’s servers being temporarily isolated until a strategic recovery plan was initiated later the same day.
“KME and its country branches operate a large number of servers and, so as a precaution, it was decided to isolate each one and put a cleansing process in place whereby all data was checked and any suspicious material identified and dealt with,” said KME.
By the start of the following week, KME said more than 90% of server functionality was restored and, despite the need to ensure that each and every server was free of non-authorized information, normal business was resumed among its dealers, business administration and third-party suppliers such as logistics companies.
Agnidipta Sarkar, vice president and CISO Advisory at ColorTokens, added that now’s the time to take a step back, assess breach readiness, and build cyber defense models into playbooks that can be triggered into action on demand.
“It’s also time for CISOs to communicate the higher risk identified through the breach assessment results to business leadership so other initiatives can be put on hold and funds are appropriately used to become breach-ready, by reducing exposed vulnerable systems, and where necessary into foundational capabilities like micro-segmentation, immutable backups, and other anti-ransomware tools,” said Sarkar.