Sweden’s world-leading automobile manufacturer, Volvo Cars, recently disclosed that an incident involving unknown attackers was unleashed on its systems. During the targeted cyberattack, the threat operators involved exfiltrated the company’s network with stolen files containing research and development data.

Statements issued after infiltration

The private data that was taken in the attack was accessed after the unknown operators hacked the dedicated servers of Volvo Cars. Following identification of the intrusion and theft, the Swedish carmaker made a statement to the press:

“Volvo Cars has become aware that one of its file repositories has been illegally accessed by a third party. Investigations so far confirm that a limited amount of the company’s R&D property has been stolen during the intrusion. Volvo Cars has earlier today concluded, based on information available, that there may be an impact on the company’s operation.”

The auto manufacturer also confirmed that it had notified all relevant authorities following the discovery of the incident. In conjunction with third-part cybersecurity experts, its IT security teams then began a full investigation into the breach and resulting data theft.

At this point in the process, Volvo Cars commented that, based on the information currently in its possession, it can see no possible impact on the security and safety of its customer’s vehicles or to their personal and private data.

Ransomware operators claim responsibility for hit

While Volvo cars did not disclose any specific details regarding the breach it suffered, the ransomware group known as Snatch subsequently claimed ownership of the attack.

The nefarious ransomware gang added a fresh entry to its dedicated data leak site on the Dark Web at the end of November. The operators stated they had breached the Volvo Car Corporation’s dedicated servers and stolen confidential data files during the intrusion. As proof of their successful attack, the ransomware gang posted screenshots taken of the stolen data files. Now, Snatch has additionally leaked close to 40 megabytes of information that it claims involved stolen documents extracted from the carmaker’s severs in the attack.

While Volvo Cars has not commented further on the incident, it has been outspoken on its attitude towards cybersecurity as part of its operation. The firm stated:

“Cyber security is an integral part and a top priority of our global development work and operations. Volvo Cars actively participates in and contributes to the international work on standardisation and best practices and apply industry-accepted recommendations on cyber security.”

The firm added that while its position was never to comment or speculate on potential attacks related to cyber security, all threats and data theft would always be taken seriously.

World-famous organisations and household name brands like Volvo Cars make attractive targets for cybercriminals, especially ransomware operators. Able to request far larger sums as ransomware payments, attacking larger firms can be lucrative. It can also help ransomware operations to raise their profile, among their peers and with potential victims. Members of the press are more likely to cover cyberattacks against well-known companies, giving ransomware gangs the publicity they seek.