Japanese watchmaker Seiko Group Corp. has been struck by a ransomware attack, with the BlackCat/ALPHV ransomware gang claiming responsibility.
The attack, officially described as a data breach, was disclosed by Seiko on Aug. 10 and is said to have taken place on July 28. According to Seiko, an unidentified party or parties gained unauthorized access to at least one of its servers. The company subsequently hired external cybersecurity experts who confirmed that a breach had taken place.
Seiko's statement goes on to note that the company is verifying the exact nature of the information that was stored on the impacted servers and will provide more information when available. That was nearly two weeks ago.
Exactly what was stolen has emerged on the dark web leak site for the ALPHV ransomware group. According to a statement on their site published this morning, Aug. 21, the group has obtained a long list of internal documents, including watch blueprints and designs, sales reports, invoices, employee emails, employee personal data, contracts, audits and more.
BlackCat/ALPHV then goes on to claim that since the company refused to negotiate a payment with them, they are now starting to publish the stolen data.
“All the data belonging to Seiko Group Corporation will be released for free download in closest future in case if we will not make an agreement with their management or we will not met an offer from buyers which we will not be able to refuse,” the group writes.
Of the initial documents shared, some are in Japanese, but others show what appear to be blueprints and pictures of watch designs, the first page of a 2007 agreement between Seiko and Barclays Bank PLC and a copy of someone’s passport for good measure.
The publication of a small tranche of stolen documents is typical of modern ransomware groups attempting to force a company to make a ransom payment to stop the further release of the stolen documents. The amount being demanded from Seiko was not disclosed by the group.
BlackCat/ALPHV was previously in the news in June when it targeted Casepoint Inc., a legal discovery technology company. The group was also in the news in April when it targeted retail point-of-sale and automatic teller machine technology company NCR Corp. However, those are but a handful of their claimed victims, as the group’s leak site lists many more.
Discussing the news, James McQuiggan, security awareness advocate at security awareness training company KnowBe4 Inc., told SiliconANGLE that BlackCat/ALPHV allegedly gained access to Seiko via Initial Access Brokers, buying exposed credentials or tokens that allowed them to compromise the target.
“Organizations must have or implement several technologies to improve defenses against this attack vector,” McQuiggan warns. “They want to ensure that all internet-facing assets like RDP, VPNs, email and web applications are consistently updated and hardened, as this is the standard attack vector with available credentials.”
Images: ALPHV/Bing Image Creator