Kawasaki Europe Navigates Ransomware Incident, Recovery in Progress
Kawasaki Motors Europe, the prominent European subsidiary of Kawasaki Heavy Industries, is actively recovering from a targeted cyberattack attributed to the ransomware group RansomHub. This incident, which occurred in early September, resulted in temporary operational disruptions. However, the company is making significant progress towards a full restoration of services, with an estimated 90% of servers expected to be back online within the coming week.
Following the attack, Kawasaki proactively implemented a comprehensive security response, temporarily shutting down all company servers for an exhaustive malware inspection. Internal IT specialists, in collaboration with external cybersecurity experts, are meticulously reviewing each server before reintroducing it to the corporate network, ensuring the integrity and security of the company’s infrastructure.
Kawasaki Motors Europe has emphasized that critical business functions, such as dealer operations, supplier relations, and logistics, remain unaffected.
RansomHub has publicly claimed responsibility for the attack and alleges to have exfiltrated 487 GB of data from Kawasaki’s network. The group has threatened to publish the stolen data unless their demands are met. The potential inclusion of customer information in the stolen data remains a concern, but Kawasaki’s representatives have not yet issued an official response to media inquiries.
RansomHub’s notoriety has surged following the closure of the BlackCat/ALPHV ransomware operation, from which many of its members originated. Since the beginning of 2024, RansomHub has conducted over 200 successful attacks, including high-profile targets such as Rite Aid and Planned Parenthood.
The seriousness of this threat was recently highlighted in a joint advisory issued by the FBI, CISA, and the U.S. Department of Health and Human Services, warning of RansomHub’s potential impact on critical U.S. infrastructure sectors.
