Kawasaki Motors Europe (KME) recently revealed it was the target of a ransomware attack that occurred at the start of the month. While the company has stated that the attack was not entirely successful, it resulted in a temporary isolation of their servers to prevent further damage. The ransomware group behind the attack has since posted a notice on the dark web, claiming responsibility and hinting at the exposure of stolen data.
Incident details
KME, headquartered in the Netherlands, operates an extensive server network across its European branches. The attack occurred on September 5, 2024, and although the threat actors' efforts were thwarted, KME's IT department decided to disconnect all of their servers as a precautionary measure. The team quickly enacted a strategic recovery plan, which included a comprehensive cleansing process to examine and remove any suspicious files.
The IT response involved both internal experts from KME and external cybersecurity consultants, who spent the following week methodically isolating and checking the integrity of each server. By the beginning of the next week, over 90% of the company's servers were restored, allowing Kawasaki's European operations to largely resume normal activities, including interactions with dealers and third-party logistics providers.
RansomHub claims Kawasaki
Despite these efforts, the attackers, believed to be affiliated with the RansomHub ransomware group, posted a message on their dark web site indicating they had successfully stolen data from the company. They listed the compromised domain as “kawasaki.eu” and claimed to have exfiltrated 487GB of data. RansomHub set a countdown timer for September 14, 2024, suggesting a potential leak of the stolen data if Kawasaki doesn't comply with their demands.
Kawasaki Motors Europe (KME) is a significant entity within the global Kawasaki group, responsible for the manufacturing and distribution of motorcycles across Europe. The company, founded in 1963 through the merger of Kawasaki and Meguro, has a long history of producing iconic motorcycle models such as the H1 and GPz900R. With extensive operations involving numerous third-party suppliers and logistics companies, a data breach of this magnitude could have widespread ramifications, including compromised supply chains and sensitive partner data being exposed.
Although Kawasaki has been able to restore most of its operations, the risk posed by the potential leak of the 487GB of data remains a serious concern. CyberInsider contacted Kawasaki to verify the threat actor's data breach claims, but the motorcycle company has not responded to our queries yet.
Phony AppleCare+ Pages Hosted on GitHub Promoted via Google Ads
Leave a Reply