ThyssenKrupp sample database for sale on data leak website

In August 2020, Mount Locker ransomware gang targeted Engineering and Technology giant ThyssenKrupp in what appears to be a data breach. ThyssenKrupp is a German multinational conglomerate and with 670 subsidiaries worldwide it is one of the world’s largest steel producers. The company is based in Duisburg and Essen. One of their subsidiaries ThyssenKrupp Marine Systems manufactures frigates, corvettes and submarines for the German and foreign navies. And in a recent cyberattack targeting the group, Mount Locker ransomware operators advertise what seems to be 30 MB of data related to ThyssenKrupp System Engineering group.

Mount Locker operators, who refer to their victims as clients, maintain a site in the dark web to display leaked data if the victim refuses to pay the demanded ransom. To authenticate the threat, they have posted part of ThyssenKrupp’s data publicly on their data leak website. The data is apparently being sold for 35 BTC.

Business Impact of Ransomware

• Loss/ unavailability of critical data and other crucial information
• Business downtime resulting in monetary loss
• Business disruption after the attack 
• Loss of reputation and goodwill for the victim organization 
• Client lawsuits and compliance fines
• Damage to hostage systems, data, and files

Mitigation

• Defense in depth implementation
• Strong network perimeter defense
• Vulnerability and patch management 
• Impart security training to employees addressing dangers of social engineering
• Practicing cyber hygiene
• Periodic Vulnerability Assessment and Penetration Testing
• Purple Teaming for organizations with mature cyber security programmes