RaaS – Ransomware as a Service “Make Ransomware great again” … and the end of Continental?

No, don’t get it wrongly! We do not engage in any illegal cyber activities!
We help organization to become more resilient in an every increasing weathers on the cyber shark ocean.

Ransomware is the dominant threat in cyber-attacks. According to Malwarebytes, Lockbit is leading a group of three dominant ransomware gangs, with 59 attacks in October 2022 alone, followed by ALPHV (28) and Black Basta (25). Although some progress against the criminals becomes visible, e.g. the Lockbit arrest of a dual Russian-Canadian national, who is in custody in Bradford, ON, Canada to be extradicted to the US. Though, due to missing reporting requirements, underestimation of the threat or other far-reaching reasons that allow successful attacks, combatting cyber crime is a growing monumental challenge.

As a prominent example:  

The most aggressive group, Lockbit 3.0, seem to have infiltrated into one of Germany’s large automotive companies, Continental, already in August 2022, though it was only on 15. November 2022 that the press spread the news.

On 24. August 2022, Continental postulated on their website to have averted a cyberattack. “the technology company maintains full control over its IT systems. According to current information, the IT systems of third parties have not been affected…”.

On 7. November 2022, the German “Handelsblatt” reported: “Cyber attack on Continental: Ransomware group apparently captures 40 terabytes of data. A significant amount of data has been leaked in an attack on the DAX-listed corporation. Chat logs show that the hackers are demanding a ransom.” According to the Handelsblatt news of 15. November 2022, captured data include very sensitive information “about Continental’s customers, employees and business partners are also likely to be affected.” The list published by the attackers in the Darknet, is “almost eight gigabytes in size and shows the storage paths of 55 million files. According to the hackers, these all originated from Continental servers. The list includes budget, investment and strategy plans, documents from the human resources department, as well as confidential documents and communications from the executive and supervisory boards. Correspondence from Supervisory Board Chairman Wolfgang Reitzle is apparently also affected.”

Apparently, such event was not considered as severe, otherwise as an investor (and professor as well as institute director on compliance and corporate governance) I would have expected an ad hoc message being published according to the to adjust my investment decisions…

Continental themselves postulate to be a technology company driving the digitization in the automotive space “pioneering technologies and services for sustainable and connected mobility of people and their goods. Founded in 1871, the technology company offers safe, efficient, intelligent and affordable solutions for vehicles, machines, traffic and transportation”.

In the 2021 Annual Report, the word “cyber”, “IT” or “security risks” showed up only twice (report of the supervisory board, general remarks on product portfolio). No evidence on important of this area can be seen, i.e. that this is a key area with adequate investments and operational focus.
With a new CFO since Dec. 2021, being responsible for Group Information Systems as well, it does not really look like the focus has been put on an organizational resilience it takes to counter what is the dominant business risk: cyber-attacks.

Time will show if Continental can circumvent a massive business impact (the share price is comparatively at ease), and what the lessons learnt are from this critical event, OR … if it already presents the end after 151 years of existence…

What it takes to establish firm preventive measures, and to have teams, processes and tools at hand for fast reaction and recovery and to establish cyber resilience, is a highly individualized task that require a holistic approach and operational excellence to implement: (IT)security is a process and need to be lived up to, data protection is a result of it. We help you to discover effective and efficient ways how to implement cyber resilience.