The ransomware attack on Continental also stole over 40.000 gigabytes of data. Because Continental didn't pay any data ransom. The data probably includes confidential documents from VW, BMW and Mercedes. In addition, the FBI is now also involved with Continental.
The manufacturer Continental has still not published a statement on the ransomware attack and the theft of over 40.000 gigabytes of data. Unlike LockBit: on their leak page some of the data is ready. An overview of all existing data should be found in a packed directory. According to various media, there should also be files with confidential content that come from VW, BMW and Mercedes. There seems to be something to the matter, since, according to the Handelsblatt, these companies have already sent questionnaires to Continental.
Confidential documents from VW, BMW, Mercedes
A zipped file with over 400 MB of data is available for download on the LockBit leak page: it is said to contain the file list of the Continental data (image: B2B-CS).
The damage caused cannot be quantified yet. After all, the manufacturers VW, BMW or Mercedes might even be able to assert claims for damages. To make matters worse, according to information from ARD, the FBI is now also getting involved at Continental. Apparently, German security authorities have informed the FBI about the attack and are now in contact with US investigators. However, the cooperation should not be related to the data from Continental, but to the fact that the FBI has been looking for the leading heads of LockBit for some time. We are hoping for valuable information on both sides.
Was the attack months ago?
The conversation in the LockBit chat begins on September 23.09.2022, 2 (Image: BXNUMXB-CS).
What has still not been clarified: Continental already reported in a statement on its website in August 2022 that the attack had been “fended off”. LockBit's blackmail chat is dated 23.09.2022/40/XNUMX. So either the stolen data came from the first attack or there was a second one. But above all, Continental has to ask itself why the IT systems did not notice the outflow of XNUMX Tbytes of data in the network.