RansomHub Ransomware Group Leaks Alleged Kawasaki Motors Stolen Data

• The RansomHub ransomware gang has published information allegedly stolen from Kawasaki Motors.
• The 487 gigabytes of data reportedly belong to the company’s Europe systems, as the company failed to meet the ransom demands.
• Kawasaki Motors Europe is listed as a victim on the cybercriminals’ leak site, but the motor giant called the attack “unsuccessful.”

The RansomHub ransomware group has released 487 gigabytes of data allegedly exfiltrated from Kawasaki Motors Europe (KME). The company recently disclosed that it was recovering from an “unsuccessful” cyberattack that occurred in early September. 

Their IT department, branch IT staff, and external cybersecurity advisors conducted a week-long operation to isolate and inspect all servers, restore interconnectivity, and ensure over 90% server functionality. This enabled the resumption of normal operations concerning dealers, business administration, and third-party suppliers.

The ransomware group RansomHub claimed responsibility for the attack, listing Kawasaki Motors on its Tor-based leak site even before the official incident notice by KME. The group threatened to release it publicly unless a ransom was paid.

Following a failed extortion attempt, RansomHub proceeded with its threat and published the data over the weekend. This incident adds Kawasaki Motors to the list of over 210 victims targeted by RansomHub, as reported by a joint US government advisory.

Kawasaki Motors, a division of Japanese manufacturer Kawasaki Heavy Industries, deals in motorcycles, utility vehicles, power sports products, parts, accessories, and gear, suggesting the potentially compromised data could be extensive and sensitive.

RansomHub is a ransomware-as-a-service (RaaS) that has been active since February. It overlaps with other ransomware groups, such as ALPHV (BlackCat) and Knight Ransomware. The group reportedly targeted over 210 victims in various sectors, including healthcare, government services, and critical infrastructure.

In recent news, RansomHub has been exploiting Kaspersky's TDSSKiller, traditionally used for identifying rootkits and bootkits, to disable endpoint detection and response (EDR) software and compromise target systems more efficiently.

The RansomHub ransomware gang recently hit Planned Parenthood of Montana and the Halliburton oilfield services giant. Change Healthcare's data breach was posted on RansomHub’s leak website after the cybercriminal group that claimed it, ALPHV, was shut down.

The recent Patelco Credit Union breach was also attributed to the RansomHub ransomware group. On August 15, after the ransom payment negotiations allegedly failed, the group leaked 726,000 customers' data on its extortion portal.