According to a recent statement by car dealer Emil Frey, the enterprise was struck by a targeted ransomware attack in January.

Handling a ransomware attack

Counted among the largest car dealers in Europe, Emil Frey currently has over 3,000 employees, and in 2020, it generated over $3 billion in sales. Based on its revenue and its total number of vehicles offered for sale, the company is now ranked as the continent’s number one car dealership.

On February 1, Emil Frey appeared on a list of victims hit by Hive Ransomware. As a result, the Swiss car dealer confirmed that it had been hit last month. A spokesperson for the firm declined to answer questions regarding whether or not customer data was accessed or exfiltrated during the event, but issued details on the restoration of its operations:

“We have restored and restarted our commercial activity already days after the incident on January 11, 2022.”

In August last year, the United States’ Federal Bureau of Investigation (FBI) highlighted the Hive Ransomware gang’s nefarious activities after its operators unleashed dozens of attacks on organisations in the healthcare sector in 2021.

Last year, Hive hit approximately 28 different healthcare organisations, including the Memorial Health System, which suffered a targeted ransomware attack on 15th August.

Hive Ransomware at work

In its security advisory, the FBI explained how Hive Ransomware first corrupts both an organisation’s systems and backup files. Once this stage is complete, it directs its chosen victims to an embedded link that leads them to the gang’s “sales department”, accessible through a Tor (The Onion Router) browser. The link takes the ransomware victims to a chat platform where they can communicate live with the malicious operators responsible for the attack. However, the FBI alert also noted that some Hive Ransomware victims were telephoned by their attackers, who then demanded ransoms personally.

The majority of victims struck by a Hive Ransomware attack will face a tight payment deadline that typically ranges from two to six days. However, there are documented cases where targets managed to extend these deadlines via negotiations with their attackers.

In a recent statement regarding ransomware, Jen Easterly of the Cybersecurity and Infrastructure Security Agency (CISA) warned:

“We live at a time when every government, every business, every person must focus on the threat of ransomware and take action to mitigate the risk of becoming a victim.”

The statement was part of a joint security advisory from CISA, the National Security Agency (NSA), the FBI, the Australian Cyber Security Centre (ACSC) and the National Cyber Security Centre (NCSC) here in the United Kingdom. The warning issued indicated that an increasing number of ever-more sophisticated ransomware attacks continues to pose a real threat to both organisations and critical infrastructure around the globe.

Despite a concerted crackdown on ransomware operators led by international law enforcement agencies, this form of cybercrime continues to be a prevalent menace to governments, businesses and educational institutions alike.

The Galaxkey platform encrypts all your data and gives YOU the encryption key so that even if malicious operators did somehow access it, you would be the only one able to decrypt and understand it, rendering it useless to all others. You can start a free 14-day trial of the platform and explore our other innovative features.