hiveleak attacks Erik Buell Racing

Incident Date:

January 25, 2022

World map



hiveleak attacks Erik Buell Racing


Erik Buell Racing




East Troy, USA

Wisconsin, USA

First Reported

January 25, 2022

Erik Buell Racing Suffers Ransomware Attack

Company Overview

Erik Buell Racing (EBR), headquartered in East Troy, Wisconsin, was established by Erik Buell in November 2009, following the closure of Buell Motorcycle Company by Harley-Davidson, its parent company and majority stakeholder. Specializing in the production of street and racing motorcycles, EBR also provides engineering services. After entering receivership in April 2015, the company was acquired by Liquid Asset Partners in January 2016, leading to the resumption of motorcycle production on March 1, 2016. The first new model, a limited edition "Stars and Stripes" themed 1190RX, was produced on March 17, 2016.

Vulnerabilities and Targeting

The ransomware group HiveLeak targeted EBR, underscoring the cybersecurity vulnerabilities within the manufacturing and motorcycle industries. The attack, disclosed on a dark web leak site, likely exploited system weaknesses such as phishing, unpatched software, or inadequate passwords. EBR's online presence does not explicitly detail their cybersecurity strategies or any recent enhancements to their security posture.

Industry Standout and Future Prospects

EBR distinguishes itself in the motorcycle sector through its dedication to high-performance motorcycles and racing. Despite facing a ransomware attack, the company has successfully emerged from bankruptcy and resumed production under new ownership. EBR is actively expanding its dealer network to distribute its latest motorcycle models.

Mitigating Ransomware Attacks

To reduce the risk of ransomware attacks, organizations are advised to practice robust cyber hygiene. This includes conducting frequent vulnerability scans, securing data with offline, encrypted backups, and ensuring timely updates and patches for software and operating systems. In the event of an attack, affected entities should contact federal law enforcement through IC3 or a Secret Service Field Office and may seek further assistance or share information with CISA to aid others.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.