It has been reported that German car parts maker, Gedia Automotive Group, has been forced to close its IT operations after suffering from a massive cyberattack.
The automotive group based in Attendorn has been the victim of a cyberattack by a gang using ransomware known as Sodinokibi.
The company supplies lightweight chassis parts to carmakers worldwide to Spain, Poland, Hungary, China and the US. The company said in a statement that as a result of the attack, it immediately shut down its systems to prevent a complete breakdown of IT infrastructure.
Sam Curry, Chief Security Officer at Cybereason, said: “In an ideal world, we wouldn’t pay ransoms. Ever. Funding the dark side and losing money hurts our corporations and the general public. However, some companies and institutions have no option in the world of ransomware. If operations are down long enough, businesses can be ruined; and for some organisations like hospitals or parts of critical infrastructure literal lives could be lost. How much is a life worth? Do you ever want to make that calculation?
“This is not a time for panic, but we can say two things with certainty. Companies like Travelex and Gedia are not exceptional in their vulnerability. They are dealing with real pain and have a long road to recovery. They should not be vilified or pilloried for being in the crosshairs. Second, now is the time to prepare. Use peacetime and the calm of non-incident time to get ready. If you aren’t in a crisis, you should be preparing for one. Preparation means building a dialogue with the business and very specifically reducing vulnerability, preventing as much as possible with traditional security, understanding risk and having a detection mindset to try to avoid having an incident.
“But it also means getting ready for when you are struck: minimising the extent of damage, knowing whom to call in a crisis, having contingencies, practicing rapid recovery, building the business processes you may need when the unthinkable occurs. For now, the vast majority of companies can be excused being made a victim. However, one day we will move from the ‘shame me once, shame on you’ phase to the ‘shame me twice, shame on me’ phase. Now is the time to get ahead of this for shareholders, customers and constituents before the unthinkable happens.”