Ferrari falls victim to ransomware attack

Ferrari has been hit by a ransomware attack. The Italian sports-carmaker has had information about its customers exposed, in the latest ransomware attack on a carmaker.

According to a statement by Ferrari, the carmaker was contacted by a threat actor with a ransom demand related to certain client contact details. Upon receipt of the ransom demand, Ferrari immediately started an investigation with a leading global third-party cybersecurity firm. The carmaker also stated that it has informed the relevant authorities and is confident they will investigate to the full extent of the law.

“As a policy, Ferrari will not be held to ransom as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks. Instead, we believed the best course of action was to inform our clients and thus we have notified our customers of the potential data exposure and the nature of the incident,” Ferrari stated.

The sports carmaker also confirmed that the breach hasn’t impacted its operational functions and that it will continue to work with third-party experts to further reinforce its systems. Expressing confidence in its resilience following the ransomware attack, Ferrari added that it takes the confidentiality of its clients very seriously and understands the significance of this incident.

Interestingly, this is not the first cybersecurity incident at Ferrari. In November last year, separately from the current ransomware attack, Ferrari reported that internal documents had been posted online and said it was working to identify how it happened. In a statement back then, the sports carmaker said that it had found no evidence of a breach of its systems or of ransomware.

However, Reuters reported that an Italian newspaper, citing the Red Hot Cyber website, said Ferrari had been a victim of a cyberattack and that seven gigabytes of documents had been made public. It reported that the attack had allegedly been carried out by the RansomEXX cyber gang.

Globally, carmakers continue to be targeted by ransomware groups. In January, there were reports of a data breach at Toyota Motor’s Indian business unit, Toyota Kirloskar Motor. Prior to that, Toyota experienced a data breach that may have exposed up to 300,000 customer emails over a period of nearly five years.

Reports show that the breach was a result of a subcontractor posting source code for Toyota’s T-Connect app on GitHub in December 2018. The publicly available source code was found on September 15th, 2022. By then, Toyota had already changed the access key.

Apart from Toyota, Honda also suffered a cyberattack that impacted its operations around the world in 2020. In April 2022, American automaker General Motors also disclosed that it suffered a credential stuffing attack. Meanwhile, European carmakers Audi and Volkswagen disclosed a data breach impacting over 3.3 million customers and interested buyers in 2021.

While carmakers will most likely not end up paying for these data breaches and ransomware attacks, the reality is that cybercriminals will only continue to target them. Carmakers need to ensure they have taken the necessary steps to secure not only their own data but also their customers’ data.

As the world moves towards increased usage of hybrid and electric vehicles, all carmakers also need to ensure these vehicles are well-secured and will not be easily hacked or taken over by cybercriminals. Stealing data is one thing, but once cybercriminals are able to hack vehicles, carmakers are going to have a lot more to worry about.