You are currently viewing Pandora Ransomware Hits Toyota’s Automotive Supplier Denso

Pandora Ransomware Hits Toyota’s Automotive Supplier Denso

A ransomware attack targeted Denso Corp, a supplier of Toyota Motor Corporation. The confirmation came after the Pandora Ransomware group leaked the stolen data and claimed responsibility. However, the attack has not resulted in any disruption in Denso’s operations.

The cyberattack on a Toyota Motor Corp supplier is a blow to Toyota. It has been trying to revive its production, which was lost in recent months due to the shortage of semiconductors after the global pandemic.

Denso supplies automotive components for autonomous vehicle features, connectivity, and mobility services. They are used in almost all vehicles around the globe. The clients include Toyota, General Motors, Honda, and Ford.

On March 14th, Denso stated an intrusion into the firm’s computing network four days before the attack. The device connections to the network were terminated immediately after identifying unauthorized access. The automotive giant says that there is no impact on production plants, facility units, or manufacturing schedules.

The attack is under investigation. The company has onboarded cyber forensic experts to assist, and the local authorities have also been informed.

Denso expresses its apologies for any inconvenience caused due to this attack. In addition, it will strengthen security measures and prevent such attacks in the future.

Toyota Data Leaked on Dark-Web

Pandora has leaked the sensitive data of Toyota on the dark web, according to Mitsui Bussan Secure Directions, a Japanese security firm. The company informed Japanese news outlet NHK that Pandora had stolen 1.4 terabytes of data belonging to the Toyota group.

In late February, Toyota was attacked, and was forced to shut down its plant in Japan. The Denso cyberattack is the second incident that has severely impacted Toyota.

DarkTracer, the dark-web criminal intelligence, tweeted a screenshot of the Denso listing on Pandora’s leak portal. As per the reports, the dump comprises emails, purchase orders, technical drawings, non-disclosure agreements, and other classified information.


The Evolving Threat of Ransomware

The Pandora group is a recent player added to the ransomware space in early March 2022. Pandora is the rebranded version of Rook ransomware. It had developed the ransomware to restrict access by appending .pandora extension to the sensitive filenames. For example, it renames “image.jpg” to “image.jpg.pandora”, “1.png” to “1.png.pandora” and so on. This prevents the victims from accessing the files, as per the research Malware Warrior. It delivers a Ransom message in “Restore_My_Files.txt file.

Corporates are unknown to such new cyberattacks that breach the computing networks and infect systems with ransomware. With the increase in cyberattacks on large enterprises, it is important to identify methods that prevent cyberattacks rather than reacting to them. Considering the current ongoing threats in the cybersecurity space post the pandemic, SanerNow is focused on preventing such cyberattacks using continuous and automated vulnerability management Cyberhygiene measures.

Signup for a free demo and explore SanerNow



0 0 votes
Article Rating
Notify of
Inline Feedbacks
View all comments