Ransomware Group Target Europe's Largest Car Dealer

One of Europe’s largest car dealers was hit by an attack by the Hive ransomware group last month.

Swiss dealer group Emil Frey was targeted by the Hive ransomware group in January. Bosses at the multi-billion-pound company, which was one of several companies attack the Hive group, say operations returned to normal within days. However, they have declined to say if any personal data was breached. Emil Frey employs around 3000 people, and generated $3.29bn in sales in 2020; based on revenue and number of cars sold, the company ranked as number one in Europe. This demonstrates the lengths that ransomware gangs are going to in order to increase their profits.

Hive is currently one of the most dangerous and present ransomware groups in the world. First spotlighted by the FBI in August last year after attacking more than 28 healthcare organisations in the world, Hive uses phishing emails with malicious attachments to gain access to systems. Once compromised, Hive actors will steal data and encrypt all files on the network, before leaving a ransom note on the victim’s system providing instructions on how to purchase the decryption software. It has been reported that some victims have had live-chat conversations with the perpetrators of attacks, and even phone calls demanding ransoms. The Hive ransomware group operates a leak site, where they threaten to publish confidential data unless a ransom is paid. Many of the healthcare companies affected by the Hive ransomware attack last year were forced to use paper patient charters, while emergency departments saw diversions.

A spokesperson for Emil Frey said: “We have restored and restarted our commercial activity already days after the incident on January 11, 2022”, although it is unknown if any personal data was compromised.