German semiconductor manufacturer Semikron suffers ransomware attack

Semikron Group has confirmed it was the victim of a ransomware attack perpetrated by a “professional hacker group.”

Semikron is a German semiconductor manufacturer for electric vehicles and industrial automation systems.

“As part of this attack, the perpetrators have claimed to have exfiltrated data from our system,” Semikron said.

“The attack has also led to a partial encryption of our IT systems and files. The entire network is currently being forensically investigated and cleaned up,” the company said.

These methods point to the double extortion technique typically used in ransomware attacks.

Alongside extorting their targets to decrypt their data, attackers will also threaten to release sensitive data to the public unless the company pays up.

An alert from the German Federal Office for Information Security revealed the attackers were blackmailing Semikron by threatening to release stolen data, BleepingComputer reported.

Semikron’s report did not contain details on the type of ransomware used in the attack.

However, BleepingComputer reported that a ransom note deployed on one of Semikron’s encrypted systems showed it was an LV ransomware attack and that the attackers stole 2TB of data.

The Gold Northfield threat group operates LV Ransomware, which has the same code structure as REvil, SecureWorks reported.

SecurityWeek’s Eduard Kovacs reported the LV ransomware operation’s Tor-based leak website did not mention Semikron as a victim.

However, Kovacs said Semikron would not be the first semiconductor targeted by the Gold Northfield threat group.

The cyberattack’s effect on Semikron remains unknown, but the company’s report indicates there has been some disruption in work.

“We are working to restore the ability to work in order to minimise the disruption to our employees, customers and partners and to ensure the security of our IT systems as best as possible,” Semikron said.