Shimano Industries, a prominent Japanese multinational manufacturing company specializing in cycling components, fishing tackle, and rowing equipment, fell victim to the world's largest ransomware group, LockBit. The group stole 4.5 terabytes of sensitive company data.
The company had previously been involved in the production of golf supplies until 2005 and snowboarding gear until 2008. Situated in Sakai, Osaka Prefecture, the corporation operates with 32 consolidated and 11 unconsolidated subsidiaries. Its primary manufacturing facilities are strategically located in Kunshan (China), as well as in Malaysia and Singapore.
According to Flashpoint, a company specializing in cyber-crime protection, it labels LockBit as the 'most active' ransomware group globally. Flashpoint attributes 27.93 percent of all documented ransomware attacks to this particular group.
As reported by Cycling News, LockBit is a cybercrime group that uses malicious software to break into companies' sensitive data. Once they have the information, they demand money from the targeted companies, threatening to make the compromised data public if payment is not made.
The announcement asserts that the group has infiltrated exceptionally sensitive information, encompassing:
1. Employee details, comprising identification, social security numbers, addresses, and scanned passports.
2. Financial records, including balance sheets, profit and loss statements, bank statements, various tax forms, and reports.
3. Client information, involving addresses, internal documents, mail exchanges, confidential reports, legal documents, and results from factory inspections.
4. Miscellaneous documents, such as non-disclosure agreements, contracts, confidential diagrams and drawings, developmental materials, and laboratory test results.
The Data has been Leaked?
Earlier this month, Escape Collective initially disclosed that hackers issued a threat to release 4.5 terabytes of confidential data unless Shimano made an undisclosed ransom payment. The compromised data, as outlined by Escape Collective, encompasses confidential employee information, financial records, a client database, and various other sensitive company documents.
The hackers imposed a deadline for the ransom, set for November 5, 2023. Subsequently, when the stipulated demands went unmet, the message on LockBit's website changed, indicating that "all available data" had been made public. However, notably, there was no corresponding download link provided for accessing the data.
