Ransomware group LockBit is claiming responsibility for an attack on German auto parts maker Continental as it threatens to leak company data.
The group added Continental – a 33.8 billion euro maker of tires, brake systems and internal electronics – to its leak site Thursday, giving the company a Friday deadline to respond to its extortion demand.
The Hanover-based multinational acknowledged in August experiencing a cyber incident but said it repelled hackers. The “company maintains full control over its IT systems,” it said.
Continental has not since provided an update and did not provide additional information when contacted.
LockBit has emerged as the premier post-Conti ransomware-as-a-service group, or at least its constant self-promotion encourages people to think so (see: Keys to LockBit’s Success: Self-Promotion, Technical Acumen). Based on leak site monitoring, Malwarebytes consistently places LockBit at the top of its list of most-active ransomware groups. Leak sites have well known biases for determining ransomware activity but are a source of data in a landscape otherwise bereft of it.
In June, it released version 3.0 of its ransomware. Its builder was leaked, possibly by a former LockBit developer. The builder appears to offer “a high level of customization,” Malwarebytes wrote, noting that hackers doing the dirty work of getting LockBit onto victim computers “can choose their own C2 server, choose the processes they want to terminate, modify the ransom note, and so on.”