LockBit Targets Shimano: Sensitive Data Published

The end of 2023 didn’t spell good news for Shimano. The company was a target of a LockBit ransomware attack — hackers demanded a ransom from Shimano and then published a lot of sensitive data related to the company.

Preface

Shimano is a known bike manufacturer — according to some sources, the company occupies around 70% to 80% of the total market for bicycle parts. The company makes parts for all kinds of bicycles, and Shimano manufactures bikes as well. At the end of 2023, Shimano fell victim to a LockBit ransomware attack.

What Happened Between LockBit and Shimano?

The attack was initially uncovered by the threat intelligence company FalconFeeds: in early November 2023, LockBit published an announcement threatening to expose sensitive customer and company data belonging to Shimano if a ransom wasn't paid:

The LockBit Ransomware Announcement in Regards to Shimano

As you can see from the image, the LockBit crew has threatened to leak a lot of data belonging to Shimano if a ransom isn’t paid and their demands aren’t met. The data included:

  • Company and employee data and financial documents — employee IDs, balance sheets, expense reports, bank reports, tax forms and reports, KPIs, confidential contracts, minutes, drawings and diagrams, and other details.
  • Sensitive customer data — email addresses, phone numbers, residential addresses, passport photos, NRIC (Japanese bus travel card) details, and other details.

The Shimano data breach hit the headlines not only because the company was targeted by the LockBit ransomware group: as the image above shows, the group didn't just demand a ransom, it also published around 5TB of data covering the categories listed above after the money wasn't paid.

Things are not looking good for Shimano — at least not for the foreseeable future…

The cybercrime intelligence company Flashpoint describes LockBit as one of the most prolific ransomware groups, so being targeted by this group is never good news. Shimano was most likely hit by LockBit 3.0, the newest version of the ransomware.

Shimano didn’t comment on the LockBit ransomware attack.

History and Victims of LockBit

LockBit is ransomware designed to block access to the files on a server or computer (by encrypting them) until a ransom is paid. People and organizations fall victim to the LockBit ransomware through vulnerabilities in their systems or zero-day exploits. Confusingly, the group of hackers behind the LockBit ransomware also goes by the name LockBit.

LockBit has been around for a while and is likely to remain a threat. It was first noticed in the fall of 2019; the second version of the ransomware was launched in 2021 and the third in 2022. The LockBit ransomware first made a name for itself by encrypting files and appending the “.abcd” extension to each file once it had been encrypted.

LockBit isn't a standalone group: the LockBit ransomware is offered as a service (ransomware-as-a-service), meaning the group sells access to the ransomware and runs an affiliate program. Trend Micro notes that the LockBit ransomware hasn't only targeted Shimano or companies in Japan; it has also hit companies and institutions in the United States, India, and Brazil.

The newest version of the ransomware, LockBit 3.0, is also known for offering monetary rewards (a bug bounty) to security researchers who find flaws in its software. According to many sources, this is the first time a ransomware gang has offered monetary rewards for security vulnerabilities in its own ransomware. We assume that the authors of the LockBit ransomware did this to make it harder for law enforcement to take down the newest version of the ransomware.

Regardless, the group did get taken down; more information on the LockBit ransomware will be published in a separate blog post.

The LockBit ransomware group has targeted, in no specific order, the following companies and institutions:

  • Accenture in 2021
  • Thales in 2022
  • La Poste Mobile (a French Internet and SIM card provider) in 2022
  • Corbeil Essonnes (a hospital in France) in 2022
  • Pendragon PLC (car details manufacturer) in 2022
  • Continental in 2022

All in all, the LockBit ransomware gang has extorted millions out of thousands of targets both in the U.S. and abroad; it is said that, apart from the Shimano attack, the LockBit ransomware gang has made over $100 million USD in criminal proceeds.

Summary

2023 ended with a bang: Shimano fell victim to a LockBit ransomware attack. While the company didn't comment on the attack and it isn't known whether it paid money to the group behind the LockBit ransomware, we hope that Shimano restored its systems and conducted a thorough security investigation to prevent such incidents from happening in the future.

For now, keep your systems up to date to reduce the risk of being hit by the LockBit ransomware or any other ransomware. Run a search through the BreachDirectory data breach search engine and, if necessary, change the passwords of the relevant accounts to keep your data safe on the web. Until next time!

Also, consider joining the official BreachDirectory Discord channel — there, we chat about white-hat hacking, security research, and other things. Join the fun!

Frequently Asked Questions

What is the LockBit Ransomware and the LockBit Ransomware Group?

LockBit is a type of ransomware developed by a cyber-criminal gang that also goes by the name LockBit. The LockBit ransomware is said to be the first ransomware whose authors offered monetary rewards to security researchers for finding security flaws in its ransomware-as-a-service offering.

What is Shimano?

Shimano is a Japanese bike and bike parts retailer. According to statistics, parts by Shimano occupy most of the present bike parts market.

Did Shimano Get Hacked in 2023?

Shimano was hit by the LockBit ransomware in late 2023. It is not known whether Shimano paid the ransom to the LockBit group, and Shimano didn't seem to want to disclose the details of the security incident either.

Where Can I Learn More About the LockBit Ransomware and Other Cybersecurity News?

To learn more about the LockBit ransomware and other types of ransomware, please follow the BreachDirectory blog, follow us on X (Twitter), LinkedIn, and Facebook, and join our Discord server to stay updated on all of the newest trends within the ransomware and cybersecurity space.