You are currently viewing Pandora Ransomware Hits Toyota’s Automotive Supplier Denso

Pandora Ransomware Hits Toyota’s Automotive Supplier Denso

  • Post author:
  • Reading time:4 mins read

A Pandora ransomware attack targeted Denso Corp, a supplier of Toyota Motor Corporation. The confirmation came after the Pandora Ransomware group leaked the stolen data and claimed responsibility. However, the attack has not resulted in any disruption in Denso’s operations. This is why it is essential to have a vulnerability management tool to avoid such attacks.

The Pandora Ransomware attack on a Toyota Motor Corp supplier is a blow to Toyota. In recent months, it has actively worked to revive its production, which the global semiconductor shortage caused to decline after the pandemic. Auto patching can patch vulnerabilities.

Denso supplies automotive components for autonomous vehicle features, connectivity, and mobility services. Almost all vehicles around the globe use them. The clients include Toyota, General Motors, Honda, and Ford.

On March 14th, Denso stated an intrusion into the firm’s computing network four days before the attack. The network terminated the device connections immediately upon identifying unauthorized access. However, the automotive giant says that there is no impact on production plants, facility units, or manufacturing schedules.

The Pandora Ransomware attack is under investigation. The company has enlisted the assistance of cyber forensic experts, and they have informed the local authorities as well.

Toyota Data Leaked on Dark-Web by Pandora Ransomware Attack

Denso expresses its apologies for any inconvenience caused due to this attack. In addition, it will strengthen security measures and prevent such attacks in the future.

Pandora has leaked the sensitive data of Toyota on the dark web, according to Mitsui Bussan Secure Directions, a Japanese security firm. The company informed Japanese news outlet NHK that Pandora had stolen 1.4 terabytes of data belonging to the Toyota group.

In late February, Toyota was attacked, and was forced to shut down its plant in Japan. The Pandora Ransomware attack is the second incident that has severely impacted Toyota.

DarkTracer, the dark-web criminal intelligence, tweeted a screenshot of the Denso listing on Pandora’s leak portal. As per the reports, the dump comprises emails, purchase orders, technical drawings, non-disclosure agreements, and other classified information.


The Pandora group is a recent player added to the ransomware space in early March 2022. Pandora is the rebranded version of Rook ransomware. It had developed the ransomware to restrict access by appending .pandora extension to the sensitive filenames. For example, it renames “image.jpg” to “image.jpg.pandora”, “1.png” to “1.png.pandora” and so on. This prevents the victims from accessing the files, as per the research Malware Warrior. It delivers a Ransom message in “Restore_My_Files.txt file.

Moreover, corporates are unknown to such new cyberattacks like Pandora Ransomware attack that breach the computing networks and infect systems with ransomware. With the increase in cyberattacks on large companies, it is important to identify methods that prevent cyberattacks rather than reacting to them. Considering the current ongoing threats in the cybersecurity space post the pandemic, SanerNow is focused on preventing such cyberattacks using continuous and automated vulnerability management Cyberhygiene measures.

Signup for a free demo and explore SanerNow

Share this article