Automotive consumer electronics giant Voxx Electronics is the latest ransomware victim to be claimed by the notorious BlackCat ransom gang.
The Russian-affiliated gang is now promising to offer up a trove of the stolen data to the highest bidder on the dark web – all because the company failed to give in to the criminals' demands.
BlackCat, also known as ALPHV, first posted about the attack on their official dark web leak site on Wednesday.
AudioVox is just one of ten name-brand technology subsidiaries, listed under Voxx Electronics.
The gang claims to have been able to hack the leading North American mobile electronics supplier by exploiting an “enormous number of vulnerabilities,” allowing them to access large amounts of “critical information.”
BlackCat presented a long list of the types of data stolen from the company on a separate Voxx leak page including:
- Personal data such as bank and financial records
- Source data from various developments of the company
- Management correspondence and conversations
- Analytical data including confidential documents of Voxx customers and partners
The threat actors also posted a handful of random samples of files taken from the company’s network system.
Voxx was given a deadline of 72 hours within which to contact the ransom gang through a private link, or "additional activity would be triggered."
That activity included announcing the Voxx breach on their leak site, informing all Voxx customers about the incident, and providing a download link to confidential client files.
“All customers of the company will be informed about the incident and that Voxx Electronics approves the distribution and disclosure of their confidential data,” BlackCat said.
What's more, the gang promised to sell the stolen information on the dark web for nefarious purposes.
“Electronics' confidential customer data will be sold on the black market for money laundering and other criminal activities,” the group said.
BlackCat also claims that “Voxx Electronics management is fully aware of the incident,” and basically called out the company for refusing to cooperate.
“Your refusal to cooperate with us in the specified time will be taken as full consent to the disclosure of the clients' and partners' data to the public domain and its monetization for criminal purposes,” the gang said.
Voxx Electronics – known by most as Audiovox – is the North American subsidiary of its electronics manufacturing parent company Voxx International.
BlackCat in the news
This Monday, the group claimed to have hacked the international accounting and consulting firm Mazar Group.
BlackCat claims to have stolen over 700 GB of sensitive information in that attack, including client agreements and financial records.
In January, the US Office of Information Security put out a warning bulletin about BlackCat (and Royal) ransomware.
By late February, the gang had hit multiple targets in the US, including a healthcare network of more than a dozen hospitals. BlackCat had previously claimed that they would avoid ransom attacks on the healthcare industry.
The ransomware-as-a-service group was first detected in November 2021, reportedly compromising over sixty victims in its first four months of activity.
According to the FBI, Blackcat's administrator is thought to be a former member of another Russian-based ransomware gang, REvil, and often targets their victims with triple extortion.
This is when the threat group not only steals the files but threatens to leak them, as well as bombarding the victims' servers using distributed denial of service (DDoS) attacks.
The gang is also known to use the Rust programming language, more than a dozen different ransomware strains, including ColbatStrike and Emotet, and multiple encryption algorithms.
Nearly half of BlackCat victims are located in the US, and ransom demands can go as high as $1.5 million, according to the FBI bulletin.
Cybernews has reached out to Voxx International and is awaiting its response.
Your email address will not be published. Required fields are markedmarked