October 6, 2022, RansomEXX ransomware group had recently added Ferrari, a luxury car manufacturer, to their list of victims. However, the car firm denied the threat group’s claim and said they had not been dealing with a grave cybersecurity event.
According to the threat group, they hacked into the internal systems of Ferrari and had stolen 7GB worth of propriety data from the car manufacturer. RansomEXX also mentioned which files they had taken from the firm, including invoices, internal company data, contracts, and car repair manuals.
Despite these claims, the luxury car firm clarifies that they are not dealing with a ransomware incident.
Ferrari clarified that there were no signs that their company’s documents had been stolen. However, they said to be aware of the reports and rumours, such as their data being leaked online. Still, no evidence of a breach was found in their investigations, and their business operations remain normal.
Furthermore, the ransomware gang did not mention a ransom demand from Ferrari or any details on their alleged attack against the luxury car manufacturer.
Previous reports associated with RansomEXX involved attacking and disrupting healthcare institutions’ operations in Italy and Scotland. Moreover, the gang was known for targeting giant companies, including Zegna, Hellman Worldwide, and Gigabyte.
In terms of the automotive industry, ransomware groups had also been targeting several firms, including Japan-based automotive giant Nichirin, Germany’s Eberspächer Group, and another car dealing company in Europe, Emil Frey.
In 2021, Ferrari confirmed a cyberattack incident involving the Everest ransomware group hacking their supplier for car parts, Speroni. This incident has affected them since Speroni has been their partner for car manufacturing.
While this recent incident has not been fully confirmed, the customers and clients of Ferrari must still be cautious about potential attack threats. As ransomware groups have also been focused on targeting the automotive sector, it poses significant risks to the safety of all entities involved; thus, improved security measures must be implemented.