[ad_1]
Pendragon – the automotive dealership group which owns Evans Halshaw, CarRetailer, and Stratstone – has confirmed that its IT servers have been hacked by cybercriminals who declare to have stolen 5 per cent of its knowledge.
According to The Times, the LockBit 3.0 extortion gang has demanded a cryptocurrency ransom equal to $60 million be paid by Pendragon, which operates round 160 showrooms throughout the UK.
A go to to Lockbit’s leak website on the darkish internet reveals that the extortionists are threatening to launch recordsdata stolen from Pendragon on Saturday 29 October.
Pendragon, nonetheless, says it isn’t going to pay.
Pendragon stated it had not engaged in any dialogue about paying the gang, which needs the ransom paid right into a bitcoin pockets. “We refuse to be held hostage by this group and we will not be paying a ransom demand,” Kim Costello, the chief advertising officer, stated.
Pendragon’s web site has been holding the surface world recurrently up to date on how it’s responding to the ransomware assault.
The firm has reported the assault to the Information Commissioner’s Office (ICO) and the police, and knowledgeable the National Cyber Security Centre (NCSC).
Pendragon says the assault has not affected its capacity to serve prospects, and that it has since secured its techniques.
Interestingly, Pendragon additionally says it has “successfully obtained an interim injunction from the High Court against the threat actor.”
I think {that a} High Court injunction won’t forestall “persons unknown” – prone to be based mostly exterior the UK – from leaking the information, however I think that isn’t the first motive why they’ve completed it.
Taking an injunction in opposition to the blackmailers does, nonetheless, assist Pendragon present their shoppers that they’re doing every part of their energy to forestall the knowledge from being leaked – and maybe assist defend the corporate from future authorized motion.
Furthermore, if these accountable are ever recognized, the existence of the injunction could assist to hunt recompense at some point, maybe by means of seizing their belongings.
The information of Pendragon’s cyber assault comes at an inconvenient time for the automotive dealership group. It has not too long ago acquired a takeover provide of £400 million from Swedish motor firm Hedin Group.
I’m impressed that Pendragon is refusing to pay the ransom. Cyber extortionists solely proceed to blackmail hacked corporations as a result of typically they do achieve swindling their victims out of thousands and thousands of {dollars} value of cryptocurrency.
Found this text attention-grabbing? Follow Graham Cluley on Twitter to learn extra of the unique content material we put up.