RansomHub releases 487GB of data allegedly stolen from Kawasaki


RansomHub, a ransomware newcomer that rose to prominence this year, has claimed a breach of Japanese company Kawasaki and released 487GB of its data publicly.

Last week, Kawasaki's European headquarters released a statement informing the public that it was recovering from a cyberattack.

“At the start of September, Kawasaki Motors Europe (KME) was the subject of a cyberattack which, although not successful, resulted in the company’s servers being temporarily isolated until a strategic recovery plan was initiated later on the same day,” the company said.

Due to the incident, as a precaution, KME and country branches isolated a large number of servers and “put a cleansing process in place” to check the data. It took a week to isolate and check all the servers, restore their interconnectivity, and resume normal business operations.

RansomHub has since leaked 487GB of data, allegedly belonging to the kawasaki.eu website. The gang posted the data on its extortion site on the dark web, which usually means that the company refused to pay the ransom. The post did not contain any notes except the company description and a link to the data.

The Hackread.com research team found critical business documents, including financial information, banking records, dealership details, and internal communications, among the exposed files.

RansomHub only emerged in February this year and has already compromised more than 200 victims, prompting the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and other agencies to release a joint advisory to fight this menace.

RansomHub claims that it’s “only interested in dollars,” but its allegiance may be revealed by its other statement that it does “not allow CIS (Commonwealth of Independent States, consisting of Russia and their allies), Cuba, North Korea, and China to be targeted.”

The ransomware operator asks for a 10% share from its affiliates, who often use double extortion tactics, threatening to publicly release the locked information. Ransom notes typically leave between 3 and 90 days to pay the ransom before the group publishes the stolen data.
