Another major automotive manufacturer has been claimed by ransomware. After devastating attacks on Jaguar and BMW, this time, the Qilin cybercriminal gang has co-opted Volkswagen France as its latest victim.
Volkswagen Group France, a subsidiary of the German-born Volkswagen AG (Volkswagen Aktiengesellschaft), was posted on the Qilin ransomware group’s leak site on October 14th.
Qilin claims to have exfiltrated about 2,000 files and 150 GB of data consisting of sensitive client, employee, and business information. The group further provides a sample of half a dozen documents as proof of its handiwork.
According to its website, the French subsidiary, formed in 1960, is responsible for marketing and distributing vehicles, parts, and accessories for several automotive brands in France.
Based in Villers-Cotterêts, Volkswagen France manages distribution and sales for several upscale brands, including Audi, SEAT, CUPRA, ŠKODA, and Volkswagen Commercial Vehicles.
The samples examined by Cybernews appear to contain owners’ personal details, such as names, addresses, email addresses, and other detailed information, including the type of Volkswagen models owned, vehicle identification (VIN) numbers, and license plate numbers.
Auto manufacturing cyberattacks have dominted headlines in recent months.
Last month, the Everest ransomware group targeted German manufacturer BMW – which also owns Mini and Rolls-Royce – claiming to have pilfered an undisclosed amount of “Critical BMW Audit Documents” from the luxury automaker’s servers.
With close to 160,000 employees, the BMW Group website states it has over 30 manufacturing sites across 15 countries.
On August 31st, Jaguar Land Rover (JLR) was hit by a ransomware attack that forced the company to "proactively shut down” its systems, incapacitating the high-end auto manufacturer’s retail arm, as well as operations at multiple production facilities.
The cyberattack, since claimed by Salesforce and M&S hacker gangs Scattered Spider and Shiny Hunters, lasted for weeks, with JRL having to pause operations during restoration efforts, and tell staff to remain at home.
The same week, Bridgestone Americas confirmed the tire manufacturer also had suffered a “limited cyber incident” with some reports stating that operations at all Bridgestone facilities across North America had been affected.
Qilin ransomware gang wins most active for 2025
Qilin has moved into the number one position as the most active ransomware gang in the past 12 months, targeting roughly 585 victims, according to Cybernews' Ransomlooker monitoring tool.
Qilin has aggressively outperformed its ransomware rivals, claiming more than 500 attacks since the beginning of January.
Earlier this week, the group reportedly breached two Texas electric power cooperatives – San Bernard Electric Cooperative and Karnes Electric Cooperative. With combined annual revenues equaling close to $200 million, the attack exposed an array of sensitive financial documents.
And before that, Qilin claimed responsibility for a major cyberattack on Asahi Holdings, Japan’s largest brewer. The attack disrupted operations and caused a shortage of the country’s most popular beers, soft drinks, and cold teas.
The gang also claims to be behind an attack on the California Golf Club of San Francisco, considered one of the nation’s most exclusive members-only golf clubs, and a favorite of Silicon Valley execs. The gang allegedly stole 10GB of its members' data.
Known for using a ransomware-as-a-service (RaaS) business model, the cybercriminal outfit often uses double extortion tactics on its victims, demanding a ransom for decryption and then a second payout to guarantee it will not leak the stolen files on the dark web after the fact.
The group, which is said to actively recruit affiliates on Russian language hacker forums, also avoids targeting Commonwealth of Independent States (CIS) countries, insinuating a Kremlin-aligned agenda.
Last making waves with an October 2nd hit on Israel's 4th largest hospital, Shamir Medical Center on Yom Kippur, the group recently claimed attacks on Nissan Japan's design arm, Creative Box, and US pharmaceutical research conglomerate Inotiv.
Past Qilin victims further include California PR firm Singer Associates, energy and manufacturing giant SK Group, US newspaper conglomerate Lee Enterprises, the Houston Symphony, Detroit’s PBS TV station, top North American auto parts suppliers Yanfeng in China, and the Utsunomiya cancer treatment center in Japan.
Your email address will not be published. Required fields are markedmarked