A Volkswagen Dealership Has Been Hit by “Conti” Ransomware

• The Conti ransomware group is showing its teeth right away, by compromising a Volkswagen dealership.
• The actors targeted a franchise in Salzkotten, so the entity and the incident fall under the GDPR.
• The leaked details include invoices that reveal the customer names, addresses, and products bought.

According to multiple sources, including French media and Cyble, a German dealership belonging to the Volkswagen Group has fallen victim to the “Conti” ransomware group. The actors stole data in the process and are now publishing them on their dedicated leaks portal. The data includes thousands of invoices that come from workshop service and the sales of spare parts.

In total, there are 8,325 invoices in PDF form, exposing details that could be used in scamming or phishing attacks against the clients. Also, these invoices could help BEC actors targeting VW.

Volkswagen is a German car manufacturer which also happens to be among the most successful in the world based in sales numbers. They sell over 10 million cars every year, and they were the highest-selling marque in the world between 2016 and 2017, surpassing other giants in the field like Toyota, Ford, General Motors, and Hyundai.

This event places the breached entity in GDPR trouble, as the leaked invoices contain client names, postal addresses, the products they purchased, etc. Having to cover the payment of GDPR fines couldn’t come at a worse time, as all automakers are going through a rough period of dramatic sales drop, and this, of course, includes dealerships.

Conti is the Ryuk group’s successor, and they operate as a private “ransomware as a service” (RaaS). They only recently launched a leak site and flooded it with data from previously undisclosed ransomware infections.

According to the researcher Vitali Kremez, Conti has been mostly joined by experienced and capable hackers who were promised a generous cut from the ransomware payment. Thus, we see a spike in the Conti infections, and the compromise of the VW service points' systems is just an indicative example of what’s about to come.

According to Cyble, the part of the firm that has been targeted and compromised is a franchise in Salzkotten, Germany. Thus, the leak comes from authorized workshops in that area.

If you live in the area and you’ve taken your car for a service at a local VW service point, you’d better start taking precautions against scammers and phishing actors.

We have received the following statement from a representative of the VW Group in relation to the above story:

Read More:

• REvil Ransomware Hits Spain’s State-Owned Railway Management Body
• “Maze” Ransomware Actors Compromised Large IT and Aerospace Companies
• The City of New Orleans was Targeted by Ryuk Ransomware Actors