Daughter in France paralyzed by hacker attack

by time news
Hensoldt

The armaments group specializes in sensors and encryption technology.

(Photo: dpa)

Berlin, Düsseldorf The security company Hensoldt has been targeted by cybercriminals. In the past few days, hackers have penetrated the systems of the French subsidiary Nexeya, the company announced on Thursday. The burglary is massive: the attackers sucked off a large amount of data and encrypted databases.

Hensoldt says it has launched an extensive investigation and involved the authorities. At the same time, work is being done to restart operations as quickly as possible, said a spokesman.

Nexeya develops and produces electronics for military and civil aviation. Customers include the Airbus Group. According to the latest information, the Hensoldt subsidiary with around 600 employees has a turnover of around 100 million euros.

The attack on Hensoldt probably started last Friday, but it was only noticed at the beginning of this week. According to Hensoldt, the malware was not spread beyond the company’s own network. Customer systems should therefore not be affected.

Tagus Top-Jobs

Find the best jobs now and
be notified by email.

Insiders familiar with the case report that the hacker group “REvil” is said to be responsible for the attack. Investigators blame the force for thousands of so-called ransomware attacks, in which data is encrypted and only released again for a ransom.

Hensoldt apparently target of Russian hackers

This would speak for a purely criminal background. However, the REvil members operate primarily from Russia, and political motives would also be conceivable.

Hensoldt is a leading manufacturer of electronic components such as sensors and radar systems, which are used in the Ukraine, among other places. According to the circles, Hensoldt has not yet received a ransom demand.

The criminal organization REvil, also known as Sodinokibi, is notorious in the IT security scene. A representative once told a Russian blog that ransomware was used to extort two billion dollars in protection money – around a hundred million dollars had already been stolen.

The group is primarily targeting large, solvent companies. The Brazilian meat company JBS paid eleven million dollars after an incident.

REvil: Activities of the hacker group are increasing again

The group operates two “business models”: On the one hand, the hackers themselves blackmail companies. On the other hand, they rent out their technology to others who are called “affiliates” – in business terms – “partners”. These are components such as the encryption software, the chat system and the payment service. For this service, the affiliates pay part of their collected ransoms to REvil.

Experts therefore refer to this model as “ransomware as a service”, based on the business of software service providers

From autumn 2021, however, security authorities from 17 countries managed to arrest several REvil members. The darknet website where the group published data about its victims to increase pressure then disappeared, possibly due to pressure from law enforcement to pursue them.

Activities associated with the group have been observed again for a few months. In a recent analysis, the IT security company Malwarebytes writes of a comeback.

More: On “big game hunt”: Hackers are now attacking software companies with thousands of customers

You may also like

Leave a Comment