Nidec Corporation Hit by Everest in Third 2024 Ransomware Attack

Incident Date: August 8, 2024

Overview

Title: Nidec Corporation Hit by Everest in Third 2024 Ransomware Attack

Victim: Nidec Corporation

Attacker: Everest

Location: Kyoto, Japan

First Reported: August 8, 2024

Nidec Corporation Targeted by Everest Ransomware Group

Nidec Corporation, a global leader in motion control technology, has reportedly fallen victim to a ransomware attack orchestrated by the Everest ransomware group. The attackers have leaked a screenshot of the exfiltrated file tree and issued a stern ultimatum, giving the company 24 hours to make contact using the provided instructions. Failure to comply, they warn, will result in the public release of all stolen data.

About Nidec Corporation

Nidec Corporation, headquartered in Kyoto, Japan, is a prominent global manufacturer specializing in the development, manufacturing, and sales of a wide range of motor products. Established in 1973, the company has grown to become a leader in the motor industry, with a diverse product lineup that serves various sectors, from consumer electronics to automotive applications. As of March 31, 2023, Nidec reported consolidated revenue of approximately 2,348 billion yen and employed about 101,112 individuals globally.

Attack Overview

This incident marks the third ransomware attack targeting Nidec, with two previous attacks in 2024 confirmed on their website, attributed to different cybercriminal gangs. As of now, Nidec has not confirmed the details of this latest August attack. The Everest ransomware group has a history of targeting high-profile victims and has listed nearly 100 organizations on its dark web leak site.

About Everest Ransomware Group

The Everest Ransomware Group is a notorious cybercriminal organization active since at least December 2020. Initially starting as a data exfiltration outfit, Everest transitioned into a ransomware operator. The group employs a combination of legitimate compromised user accounts and Remote Desktop Protocol (RDP) for lateral movement. It uses AES and DES algorithms to encrypt files, adding the “.EVEREST” extension to the encrypted files. The attackers then display a ransom message containing instructions on how to contact them and pay the ransom to obtain the decryption key.

Penetration and Vulnerabilities

Everest ransomware could have penetrated Nidec's systems through various means, including phishing attacks, exploiting vulnerabilities in outdated software, or using compromised user accounts. The group's increasing activity as an Initial Access Broker (IAB) suggests that they may have sold backdoors into Nidec's systems to other criminals, facilitating the attack.
