The group has set a June 9 deadline for the payment of an undetermined ransom. According to the blog, "all available data will be published" if the company does not collaborate with the cybercriminals before then.
Kyocera AVX’s clients involves military, industrial and automotive industries, for whom the company manufactures electronic products. It was established in the 1970s, and since 1990, it has been a part of Kyocera, a Japanese electronics business best known for its printers. Over 10,000 individuals are employed by it globally.
On May 26th, security researchers revealed that selected data of the company has been leaked and posted to LockBit’s dark web victim blog.
Apparently, the company’s data was breached following a cyberattack that took place on Fujitsu last year. The attack might have been the reason why LockBit was able to launch a supply chain attack on Kyocera AVX, and other companies that are partnered with Fujitsu via cyber or other social engineering attacks.
According to a Financial Times report, Fujitsu confirmed the attacks in December following a heads-up given by police agency of a potential intrusion. The intrusion further gave outsiders access to emails sent through an email system powered by Fujitsu.
It was later revealed that at least ten Japan-based companies, along with Kyocera AVX were victims of the attack.
Ransomware gang LockBit, which is assumed to have originated in Russia has been on news highlights pertaining to its interest on targeting organizations based in US and allied countries.
According to a report by security firm Malwarebytes, 126 victims have been posted by the ransomware gang in February alone.
This year, the gang targeted the UK Royal Mail, demanding ransom of $80 million in bitcoin. When the business refused to pay up, labeling the demands "ridiculous," the gang retaliated by sharing the information along with copies of the conversations between LockBit and Royal Mail's officials.
Later, it stole client information from WH Smith, a high-end street retailer in the UK. The hacker used current and previous employees' personal information. Since then, there has been no information indicating whether the business has paid the ransom.
In its recent case, this month, an individual named Mikhail Pavlovich Matveev who claims to have been involved with LockBit, has a bounty of $10 million on his head placed by the FBI. With connections to both the Hive and Babuk organizations, Matveev is believed to be a major participant in the Russian ransomware ecosystem.
![]() |
According to reports, Royal Mail rejected an $80 million (£66 million) ransom demand from the LockBit ransomware gang, declaring that it would "under no circumstances" pay the "absurd amount of money" demanded.
This is in regard to what appear to be chat logs that LockBit disclosed and were published on February 14, documenting weeks of thorough negotiations between LockBit and its victim, who was attacked on January 10.
The chat logs negotiating the ransoms are apparently the first pieces of information LockBit released following the cyberattack on Royal Mail, that halted the British postal service from sending certain products overseas. This is in spite of earlier threats by the ransomware group with ties to Russia to expose all stolen data on February 9.
The records seem to indicate that this was the last day of negotiations between LockBit and Royal Mail. Screenshots from LockBit's dark web leak site that was reviewed by TechCrunch reveal that talks started on January 12, two days after the U.K. postal company acknowledged that it had been compromised.
If the chat logs are legitimate, they indicate that LockBit demanded a grand total of $80 million as a ransom payment, which equals 0.5% of Royal Mail’s annual revenue. The negotiator for Royal Mail appeared to inform LockBit that the company would not comply with the demand and that they had mistaken Royal Mail International for Royal Mail.
“Under no circumstances will we pay you the absurd amount of money you have demanded[…]We have repeatedly tried to explain to you we are not the large entity you have assumed we are, but rather a smaller subsidiary without the resources you think we have. But you continue to refuse to listen to us. This is an amount that could never be taken seriously by our board.” says Royal Mail’s negotiator (anonymous) to a LockBit representative.
The ransom demand was reportedly then reduced by LockBit to $70 million on February 1.
The UK’s National Cyber Security Centre, investigating the Royal Mail has long urged the company against paying the ransom demand since this “does not reduce the risk to individuals, is not an obligation under data protection law, and is not considered as a reasonable step to safeguard data.” Additionally, the FBI advises victims to take precautions such as data backups rather than complying with extortion demands.
Royal Mail did not object to the legitimacy of the chat records when approached, it has declined to answer certain questions. “As there is an ongoing investigation, law enforcement has advised that it would be inappropriate to make any further comment on this incident,” said a Royal Mail spokesperson, who declined to provide their name.
The upcoming actions of Royal Mail are still not clear. As of now, since the negotiation between the company and LockBit appears to be unsuccessful, the company could soon be witnessing larger fallout if the stolen data is published online. LockBit’s dark web leak site currently informs that “all available data” has been published, although unavailable to be viewed.
The postal giant continues to face disruption in its services following the cyberattack, more than a month later. According to a company update dated February 14, despite advances (-i—international services were resumed to all destinations for online purchases) - the company is still unable to process new Royal Mail parcels and large letters requiring a customs declaration bought at the Post Office branches.
The LockBit ransomware gang has taken responsibility for a cyberattack against the German MNC automotive group continental.
LockBit also stole some data from Continental's systems, and they are blackmailing to leak it on their data leak site if the company doesn't agree with their demands within the next 22 hours.
The gang hadn't disclosed any info on what info was extracted from Continental's network or when the compromise happened.
Ransomware gangs usually post data on their leak websites as a strategy to frighten their targets into settling a deal or into getting back to the negotiation table.
Since LockBit says that it will leak "all available" data, this hints that Continental is yet to negotiate with the ransomware campaign or it has already refused to agree with demands.
Kathryn Blackwell, Continental's Vice President of Communications and Marketing, didn't acknowledge LockBit's claims and didn't disclose any information regarding the compromise, she said recently the statement the company has given in the press release regarding the issue.
As per the press release, the company found a security compromise early in August when the hackers invaded parts of its IT systems.
As soon as the attack surfaced, Continental took all vital security measures to restore the full integrity of its IT systems.
With the assistance of external cybersecurity analysts, the organization has launched an inquiry into the incident. The investigation is currently under process.
The automotive MNC is still to share its findings. Blackwell also refused to link the August cyberattack to LockBit's claims, according to her, she couldn't share any more information at the moment.
Continental reported sales of €33.8 billion in 2021, and it has employed more than 190,000 people across 58 nations and markets.
The press release said:
"Continental informed the relevant authorities of the incident and is in close contact with them, including the security authorities. The company is aware of its data protection obligations and – in consultation with the responsible data protection authorities – is taking the necessary steps to ensure they are completely fulfilled.
The security of its employees’, customers’, and partners’ information as well as of its own data is paramount to Continental. That is why Continental has taken and continues to take extensive measures to constantly strengthen cybersecurity at the company."