Shimano is a victim of the Lockbit 3.0 ransomware (Nov. 2023)

Sicherheit (Pexels, allgemeine Nutzung)[German]Japanese manufacturer Shimano is probably familiar to every cyclist. Now the company has become a victim of Lockbit ransomware. At the very least, the Lockbit group has posted a corresponding publication on its leak page and threatened to publish data from November 5, 2023 if no ransom is paid. The creator has not yet commented on this.


Who is Shimano?

Shimano is a Japanese manufacturer of bicycle components and accessories with around 12,000 employees. Somewhere in the portfolio are also fishing and snowboard products as well as cold forged parts. Above all, however, Shimano is the global market leader for many mechanical bicycle parts, especially drivetrains and shifting groupsets. Shimano freewheel hubs and derailleurs will probably be familiar to anyone who knows anything about

Shimano generates almost four-fifths of its turnover of around 3.4 billion euros with bicycle components and just under one-fifth with fishing accessories (rods and reels). Other products account for less than one percent of turnover.

The ransomware infection

I first came across the information about the ransomware incident on BlueSky in the following post. The Cycling News page has compiled some information in this article.

Lockbit hits Shimano

The site Escape Collection was probably the first to report on the ransomware incident at Shimano by the ransomware group Lockbit. They had noticed a post by the group on the darknet where LockBit 3.0 announced that 4.5 terabytes of data had been extracted.


Shimano Ransomware

The ransomware gang writes that employee data, including social security data, addresses, passport copies and much more personal data has been captured. But also confidential and financial data of the company or the data of customers are among the captured data.

  • Confidential employee data – including social security numbers, home addresses and passport scans
  • Financial documents – including balance sheets, budgets, bank statements, cash flow and tax details
  • Customer database – including contact details, reports, meeting minutes, factory inspection results, incident reports and legal documents
  • Confidential diagrams and drawings, laboratory tests, NDAs, contracts and development materials.

LockBit 3.0 demands a ransom from Shimao and threatens to publish the data from November 5, 2023 without payment. I haven't found anything about a cyber incident on the Shimano website. The manufacturer probably wants to keep the incident "under wraps" until further notice.

When asked by Escape Collective, a European Shimano representative confirmed that "headquarters is aware of the alleged attacks and an investigation is underway". Representatives from the USA did not wish to comment when asked.

The Shimano websites do not appear to be affected at this time, and Shimano did not respond to questions about the size of the ransom or the current impact on the company's operations.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *