[German]Car manufacturer Volvo, or Volvo Cars Corporation, currently owned by a Chinese holding company, has fallen victim to a successful ransomware cyberattack. My report a few days ago has been confirmed, the company is sounding the alarm as data from research and development has been leaked. The Snatch Ransomware group had recently claimed a successful attack on the company.
Advertising
Publication of the Snatch ransomware group
I had picked it up on December 1, 2021 in my German blog post Volvo Cars Corporation: Opfer eines Snatch Ransomware-Angriffs? that Volvo Cars Corporation had been a victim of a ransomware attack. The Snatch Ransomware group had posted a message to that effect on their leak page (see screenshot below).
(Snatch announcement about Volvo)
I could not do much with the above post, as it only deals with Volvo's history as a car manufacturer. But under the term Snatch Ransomware you can find it at Sophos. I myself had briefly reported on this malware in 2019 in the German post Sicherheitsrückblick (15. Dez. 2019). Then I had reported on a tweet from security researchers with the Twitter alias SecuNinja (@secuninja) stating that the Snatch ransomware gang claimed a successful hack on Volvo Cars Corporation. However, it remained unclear what really happened there.
Volvo confirms attack after 10 days
The carmaker took ten days to confirm the successful cyberattack in a brief statement dated Dec. 10, 2021. It states.
Notice of cyber security breach by third party
Volvo Cars has become aware that one of its file repositories has been illegally accessed by a third party. Investigations so far confirm that a limited amount of the company's R&D property has been stolen during the intrusion. Volvo Cars has earlier today concluded, based on information available, that there may be an impact on the company's operation.
After detecting the unauthorised access, the company immediately implemented security countermeasures including steps to prevent further access to its property and notified relevant authorities.
Volvo Cars is conducting its own investigation and working with third-party specialist to investigate the property theft. The company does not see, with currently available information, that this has an impact on the safety or security of its customers' cars or their personal data.
So it confirms the cyber attack and that data has been accessed by third parties. No words about the ransomware and the Snatch group.
The Snatch ransomware
The Snatch ransomware infects Windows systems and reboots the computer in safe mode after infection. Since most security solutions do not work in safe mode, the malware can bypass their protection. Afterwards, the Snatch ransomware attempts to rip off data and encrypts the system's disks. Sophos describes details of the malware, which can run on various operating systems, in this article.
Advertising
