The automotive supplier Continental was the victim of a ransomware attack. The initial attack was already discovered in August, but underestimated by the company: only recently did it become apparent that a large amount of data had been stolen. The case shows how important it is to use security solutions that continuously monitor the network and sound the alarm in case of irregularities.

The medical technology company Richard Wolf GmbH, the metal group Aurubis and the energy service provider Enercity are all German companies that have fallen victim to cyber attacks in the past four weeks. They have now been joined by a new, prominent victim: the automotive supplier Continental. The company announced at the beginning of last week that hackers from Lockbit, a group specialising in ransomware, had stolen 40 terabytes of data. Continental had already reported the attack in August. At the time, it was said that it had been able to fend it off successfully. Obviously, this was not the case. Chat logs with Continental published by the hackers show that there were ransom negotiations about the data. In itself, this is a blatant intrusion into the privacy of the person negotiating. As an aside, security experts advise against negotiating with the extortionists.

On the one hand, hackers’ ransomware can hardly be called negotiations. On the other hand, there is no guarantee that cybercriminals will actually release the data after receiving the ransom. Moreover, those affected should be more concerned about the downtime of their IT systems than about the ransom. If the digital infrastructure of a company fails for a longer period of time, this can quickly threaten the existence of those affected and their customers. In the case of critical infrastructure such as the power grid or hospitals, even human lives are at risk.

In this respect, organisations can learn something from the case of Continental. The corporation only realised months after the hacker attack was discovered that a large amount of data had been stolen from the network. To address this, there are security solutions that continuously monitor the network and sound the alarm in case of irregularities. This enables quick action and prevents far-reaching effects.

That is why cybersecurity experts recommend building data security on three cornerstones: Data resilience, data visibility and data recovery. Users achieve resilience through unchangeable backup copies of their data. Immutable data is untouchable and cannot be encrypted by hackers. Visibility is ensured by constant monitoring of all data streams. This includes knowing at all times who has access to which data and when it was used. This information can be used to identify and stop suspicious activities. Backups are used to restore important data. If they are stored in a safe place and are quickly available, the victims of a ransomware attack can possibly bring their systems back online in a timely manner. Adhering to these principles can minimise the risk and damage potential of a cyber attack.