Automotive Giant Denso Confirm Ransomware Attack

The automotive parts manufacturer Denso have become the latest victims of ransomware, with the Pandora ransomware group claiming responsibility.

Denso is one of the largest automotive parts manufacturers in the world, and supplies parts to the likes of Toyota, Honda, Ford and Volva to name but a few car manufacturers. They say that it’s parts are used in almost all vehicles around the globe. The company, based in Japan, employs 168,391 people worldwide across more than 100 subsidiaries. In 2020/21, their revenue was $44.6 billion. The ransomware attack occurred on 10th March, soon after which the Pandora ransomware group began to leak data allegedly stolen during the attack. The automotive said that when the ransomware attack was detected, the company’s entire network was shut down. Denso maintains that there has been no disruption caused in terms of production or manufacturing schedules.

The Pandora ransomware gang have claimed responsibility for the attack, with the group’s leak site claiming that 1.4TB of data has been stolen. The traditional ransomware model was to infect and encrypt a system’s data and hold is ransom. However, as companies and individuals have started adopting more effective backup solutions, cybercriminals have evolved in order to keep up with the times. Now, it’s common for hackers to encrypt data and steal it too, threatening to release it publicly unless the ransom is paid. This piles on the pressure for victims to pay out, as leaked confidential data could lead to further loss of earnings. In instances like the Denso ransomware attack, sample files are put onto a website, which even included an official-looking purchase order with invoice details on where to send the ransom to.

It is believed that only the company’s corporate network in Germany was affected, and was shut down immediately, limiting its spread. In a statement, Denso said "After the detecting the unauthorized access, Denso promptly cut off the network connection of devices that received unauthorized access and confirmed that there is no impact on other Denso facilities."