Semikron the world-renowned power electronics manufacturer based in Germany, recently disclosed that it was the victim of a successful ransomware strike. The lethal attack negatively impacted the semiconductor maker by partially encrypting its dedicated company network.

With a turnover for 2020 of approximately $461m (£380m), Semikron currently has more than 3,000 employees across its eight production sites and 24 offices based around the worldwide in multiple countries, including Germany, China, Brazil, France, Italy, Slovakia, India, and the US.

It is also considered one of the leading power engineering component makers in the world. Last year 35% of the wind turbines that were installed that operating with the company’s cutting-edge technology.

Disclosure of a ransomware attack

To confirm the attack on its systems, Semikron published a statement recently that explained the incident to interested parties. The notice read:

“The SEMIKRON Group has been the victim of a cyberattack by a professional hacker group. As part of this attack, the perpetrators have claimed to have stolen data from our system. The attack has also led to partial encryption of our IT systems and files. The entire network is currently being studied and adjusted forensic.”

Investigations into the extent of infiltration and an assessment of any systems and data impacted are an important first move for firms following a ransomware attack. Companies hit by ransomware gangs must inform data regulators, along with data subjects whose personal information was disclosed, and investigations can uncover these facts for those concerned. Forensic investigations also help companies learn how attacker bypassed their security measures and can help them ensure no attackers can use the same approach going forwards.

According to a recent alert issued by Bundesamt für Sicherheit in der Informationstechnik, (Germany’s Federal Office for Information Security), the ransomware gang behind the attack on Semikron is blackmailing the manufacturer and threatening to expose allegedly stolen information exfiltrated during the incursion, using a double extortion tactic.

While the German component maker has not shared any information regarding the type of ransomware used in the attack, a dedicated ransom note that was deployed on one Semikron’s encrypted systems indicates that LV Ransomware was employed and that attackers responsible for the hit stole two terabytes’ worth of data, with a terabyte being 1,000 gigabytes.

Semikron to substantiate data theft claims

According to Semikron, it is also investigating the hackers’ claims that data was stolen from the encrypted systems before the ransomware attack was unleased. External experts in forensic investigations and specialists in cybersecurity are assisting the firm with this pursuit.

A spokesperson for Semikron commented:

“At the same time, we are working on restoring the working ability to minimise disruptions for our employees, customers and contractual partners and to ensure the best possible security of our IT systems.”

The manufacturer also added that it had informed and is collaborating currently with relevant authorities during its investigation. Furthermore, it has stated it will be informing its partners and customers if the investigation uncovers evidence of any data theft.