Ransomware Attack on Innomotive Systems Hainichen GmbH

Overview

Innomotive Systems Hainichen GmbH, a German company specializing in automotive manufacturing, fell victim to a ransomware attack orchestrated by the ragroup. The attack, which was publicized on the group's dark web leak site, resulted in the encryption of the company's data. Innomotive Systems Hainichen GmbH, acquired by Mutares in 2021, operates in the manufacturing sector.

Past Attack

The ransomware utilized in this incident belongs to the Phobos family, known for exploiting vulnerabilities in Remote Desktop Protocol (RDP) services, particularly weak login credentials. The perpetrators established persistence, disabled firewalls, removed volume shadow copies, and encrypted and extracted data from the compromised systems.The ransomware group demanded a payment of 3.5 Bitcoin, equivalent to approximately $175,000, from the affected company.

Current Attack

The ransomware attack on Innomotive Systems Hainichen GmbH occurred on April 3, 2024. The sources mention that the company was targeted by the RA World ransomware group, and also mention other ransomware attacks that occurred on specific dates, such as the RansomHub attacks on Avant IT Norway on March 28, 2024, and the attacks on Farmacia Florio on April 8, 2024.

Implications for the Manufacturing Sector

The breach at Innomotive Systems Hainichen GmbH underscores the susceptibility of manufacturing companies to ransomware assaults. The absence of detailed security information or certifications on the company's website raises concerns about their preparedness against such cyber threats.

Sources

• Innomotive Systems Hainichen GmbH |Scharniere für Automotive
• Ransomware Attack Knocks 100 Romanian Hospitals Offline
• RA World attacks Innomotive Systems Hainichen GmbH
• Mutares acquires Innomotive Systems Hainichen GmbH from a Chinese state-controlled enterprise
• Hospitals offline across Romania following ransomware attack on IT platform