iCar Asia Hit by Ransomware: 20,000 Files Compromised
Incident Date:
August 8, 2024
Overview
Title
iCar Asia Hit by Ransomware: 20,000 Files Compromised
Victim
iCar Asia
Attacker
Killsec
Location
First Reported
August 8, 2024
Ransomware Attack on iCar Asia by Kill Security Group
iCar Asia, a leading digital automotive platform in the ASEAN region, has recently fallen victim to a ransomware attack orchestrated by the notorious Kill Security group. The cybercriminals claim to have exfiltrated over 20,000 files containing sensitive vehicle information and customer data related to car inspections in Thailand. The attackers are demanding a ransom of €25,000, with a deadline set for August 26.
About iCar Asia
iCar Asia Limited (ASX:ICQ) is a prominent digital platform in the automotive sector, primarily serving Malaysia, Indonesia, and Thailand. The company connects car buyers and sellers, offering a comprehensive suite of services that encompasses the entire automotive journey. With over 8 million monthly users, iCar Asia has established itself as a leading online marketplace for vehicles. The company operates multiple websites and applications tailored to different markets, including Carlist in Malaysia, Mobil123 and OtoSpirit in Indonesia, and One2Car and AutoSpinn in Thailand.
iCar Asia employs advanced technology, including a Response Management System (RMS) that integrates with dealers' operations, allowing for better engagement and efficiency in managing customer inquiries and leads. The company also leverages machine learning and artificial intelligence to deliver personalized content and recommendations, enhancing user experience and increasing the likelihood of successful transactions.
Attack Overview
The ransomware attack on iCar Asia was claimed by the Kill Security group via their dark web leak site. The attackers have reportedly infiltrated the company's systems, exfiltrating over 20,000 files. These files include sensitive vehicle information and customer data related to car inspections in Thailand. The ransom demand is set at €25,000, with a deadline for payment.
About Kill Security Group
Kill Security, also known as KillSec, is a ransomware group that has targeted various industries and countries. The group is known for its extensive targeting and significant extortion amounts. They use a variety of communication channels, including Telegram, Session Messenger, and Tox, and conduct their operations using XMR (Monero) cryptocurrency. The group has been active in targeting sectors such as government, manufacturing, defense, professional services, banking, and finance.
Penetration and Vulnerabilities
While the exact method of penetration remains unclear, it is speculated that Kill Security could have exploited vulnerabilities in iCar Asia's systems. Given the company's extensive use of advanced technology and data-driven personalization, any lapses in cybersecurity measures could have provided an entry point for the attackers. The integration of various systems and the handling of large volumes of sensitive data make iCar Asia a lucrative target for ransomware groups.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.