{"id":22516,"date":"2021-12-10T18:19:20","date_gmt":"2021-12-10T17:19:20","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=22516"},"modified":"2021-12-10T18:19:20","modified_gmt":"2021-12-10T17:19:20","slug":"besttigt-volvo-wurde-opfer-eines-cyberangriffs-der-snatch-ransomware-gruppe","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2021\/12\/10\/besttigt-volvo-wurde-opfer-eines-cyberangriffs-der-snatch-ransomware-gruppe\/","title":{"rendered":"Volvo Cars Corporation was victim of cyberattack by Snatch ransomware group"},"content":{"rendered":"<p><img decoding=\"async\" title=\"Security (Pexels, general use)\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" alt=\"Security (Pexels, general use)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" width=\"200\" align=\"left\">[<a href=\"https:\/\/www.borncity.com\/blog\/2021\/12\/10\/besttigt-volvo-wurde-opfer-eines-cyberangriffs-der-snatch-ransomware-gruppe\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Car manufacturer Volvo, or Volvo Cars Corporation, currently owned by a Chinese holding company, has fallen victim to a successful ransomware cyberattack. My report from a few days ago has been confirmed; the company is sounding the alarm, as data from research and development has been leaked.
The Snatch Ransomware group had recently claimed a successful attack on the company.<!--more--><\/p>\n<h2>Publication of the Snatch ransomware group<\/h2>\n<p>On December 1, 2021, I had picked up in my German blog post <a href=\"https:\/\/www.borncity.com\/blog\/2021\/12\/01\/volvo-cars-corporation-opfer-eines-snatch-ransomware-angriffs\/\" target=\"_blank\" rel=\"noopener\">Volvo Cars Corporation: Opfer eines Snatch Ransomware-Angriffs?<\/a> that Volvo Cars Corporation had been a victim of a ransomware attack. The Snatch Ransomware group had posted a message to that effect on their leak page (see screenshot below).<\/p>\n<p><img decoding=\"async\" title=\"Snatch announcement about Volvo\" alt=\"Snatch announcement about Volvo\" src=\"https:\/\/i.imgur.com\/iVFFhdu.png\"> <br \/>(Snatch announcement about Volvo) <\/p>\n<p>I could not do much with the above post, as it only deals with Volvo's history as a car manufacturer. But information on the term Snatch ransomware can be found at <a href=\"https:\/\/news.sophos.com\/en-us\/2019\/12\/09\/snatch-ransomware-reboots-pcs-into-safe-mode-to-bypass-protection\/\" target=\"_blank\" rel=\"noopener\">Sophos<\/a>. I myself had briefly reported on this malware in 2019 in the German post <a href=\"https:\/\/www.borncity.com\/blog\/2019\/12\/15\/sicherheitsrckblick-15-dez-2019\/\" target=\"_blank\" rel=\"noopener\">Sicherheitsr\u00fcckblick (15. Dez. 2019)<\/a>. Then I had reported on a <a href=\"https:\/\/twitter.com\/secuninja\/status\/1465953556343701505\" rel=\"noopener\" target=\"_blank\">tweet<\/a> from security researchers with the Twitter alias SecuNinja (@secuninja) stating that the Snatch ransomware gang claimed a successful hack on Volvo Cars Corporation. However, it remained unclear what really happened there.
<\/p>\n<h2>Volvo confirms attack after 10 days<\/h2>\n<p>The carmaker took ten days to confirm the successful cyberattack in a brief <a href=\"https:\/\/www.media.volvocars.com\/global\/en-gb\/media\/pressreleases\/292817\/notice-of-cyber-security-breach-by-third-party-1\" target=\"_blank\" rel=\"noopener\">statement<\/a> dated Dec. 10, 2021. It states:<\/p>\n<blockquote>\n<p>Notice of cyber security breach by third party<\/p>\n<p>Volvo Cars has become aware that one of its file repositories has been illegally accessed by a third party. Investigations so far confirm that a limited amount of the company's R&amp;D property has been stolen during the intrusion. Volvo Cars has earlier today concluded, based on information available, that there may be an impact on the company's operation.  <\/p>\n<p>After detecting the unauthorised access, the company immediately implemented security countermeasures including steps to prevent further access to its property and notified relevant authorities.  <\/p>\n<p>Volvo Cars is conducting its own investigation and working with third-party specialist to investigate the property theft. The company does not see, with currently available information, that this has an impact on the safety or security of its customers' cars or their personal data.<\/p>\n<\/blockquote>\n<p>So it confirms the cyberattack and that data has been accessed by third parties. There is no word about the ransomware or the Snatch group.<\/p>\n<h2>The Snatch ransomware<\/h2>\n<p>The Snatch ransomware infects Windows systems and reboots the computer in safe mode after infection. Since most security solutions do not work in safe mode, the malware can bypass their protection. Afterwards, the Snatch ransomware attempts to steal data and encrypts the system's disks.
Sophos describes details of the malware, which can run on various operating systems, in <a href=\"https:\/\/news.sophos.com\/en-us\/2019\/12\/09\/snatch-ransomware-reboots-pcs-into-safe-mode-to-bypass-protection\/\" target=\"_blank\" rel=\"noopener\">this article<\/a>.&nbsp; <\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Car manufacturer Volvo, or Volvo Cars Corporation, currently owned by a Chinese holding company, has fallen victim to a successful ransomware cyberattack. My report a few days ago has been confirmed, the company is sounding the alarm as data from &hellip; <a href=\"https:\/\/borncity.com\/win\/2021\/12\/10\/besttigt-volvo-wurde-opfer-eines-cyberangriffs-der-snatch-ransomware-gruppe\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[69],"class_list":["post-22516","post","type-post","status-publish","format-standard","hentry","category-security","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/22516","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=22516"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/22516\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=22516"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=22516"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.
com\/win\/wp-json\/wp\/v2\/tags?post=22516"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}