Kawasaki Motors Europe has announced that its recovering from a cyberattack that caused service disruptions as the RansomHub ransomware gang threatens to leak stolen data.
The company says the attack targeted its EU headquarters, and it is currently analyzing and cleaning any "suspicious material," such as malware, that may still be lurking on systems.
"At the start of September, Kawasaki Motors Europe (KME) was the subject of a cyber-attack which, although not successful, resulted in the company's servers being temporarily isolated until a strategic recovery plan was initiated later on the same day," reads the announcement.
"KME and its country Branches operate a large number of servers and, as a precaution, it was decided to isolate each one and put a cleansing process in place whereby all data was checked and any suspicious material identified and dealt with."
Kawasaki Motors Europe is a subsidiary of Kawasaki Heavy Industries, Ltd., a global Japanese company known for manufacturing motorcycles, all-terrain vehicles (ATVs), Jet Skis, utility vehicles, and other motorized products.
KME is responsible for the distribution, sales, and marketing of Kawasaki's motorcycle products in the European market, operating an extensive network of authorized dealerships and customer service centers across the continent.
The company says that its IT staff collaborated with external cybersecurity experts following the attack, checking servers one by one before they connected them back into the corporate network.
KME estimates that by the start of next week, 90% of its server infrastructure will have been restored.
Everything that concerns business operations, including dealerships, third-party suppliers, and logistics operations, is not impacted.
RansomHub claims the attack
Kawasaki's announcement comes as the RansomHub ransomware gang claimed responsibility for the attack on the company.
The threat group added the company to its extortion portal on the dark web on September 5, 2024, claiming the theft of 487 GB of data from Kawasaki's networks.
The timer is set to expire tomorrow, and if the threat actors' demands aren't satisfied, they threaten to publish all stolen data by that point.
It is unclear if RansomHub holds customer data in the stolen files, but this scenario cannot be ruled out at this point.
RansomHub has become prolific since the BlackCat/ALPHV ransomware operation shut down, with many of its affiliates moving to the newer ransomware-as-a-service program.
With the influx of skilled affiliates, RansomHub has seen a surge in successful attacks, including those against a division of Rite Aid, Frontier, Planned Parenthood, Halliburton, Christie's,
Last month, a joint advisory between the FBI, CISA, and the Department of Health and Human Services (HHS) reported that RansomHub breached 210 victims from a wide range of critical U.S. infrastructure sectors since it launched in February.