Ransomware Attack on Athlon Limited by VanirGroup Disrupts Operations

Incident Date: July 10, 2024

Overview

Victim: Athlon Limited

Attacker: VanirGroup

Location: Schiphol, Netherlands

First Reported: July 10, 2024

Ransomware Attack on Athlon Limited by VanirGroup

Overview of Athlon Limited

Athlon Limited, a subsidiary of Mercedes-Benz Group AG, is a leading provider of operational vehicle leasing and mobility solutions. Established in 1916, the company has grown from a local car repair shop to a significant player in the mobility sector, managing over 400,000 vehicles across Europe. Athlon offers a range of services including full-service leasing, employee leasing, private leasing, rental services, and SecondDrive, a digital marketplace for high-quality used cars. The company is headquartered in the Netherlands and emphasizes sustainability and corporate social responsibility in its operations.

Details of the Ransomware Attack

On June 3, 2024, Athlon Limited fell victim to a ransomware attack orchestrated by the cybercriminal group VanirGroup. The attack resulted in the exfiltration of sensitive data and the locking of critical systems, severely disrupting Athlon's operations. The specifics of the ransom demand and Athlon's response strategy have not been disclosed. The attack has raised concerns about the vulnerabilities in Athlon's cybersecurity measures, particularly given the company's extensive digital infrastructure and the sensitive nature of the data it handles.

About VanirGroup

VanirGroup is a newly emerged ransomware group that has quickly gained notoriety for its professional and aggressive tactics. The group has carried out multiple attacks, disclosing the identities of their victims on their dark web leak site. VanirGroup's modus operandi includes compromising internal infrastructure, deleting or encrypting backups, and stealing critical data. They use intimidation tactics, warning victims that cooperation is essential to prevent further damage. The group is also actively seeking to expand its operations by inviting potential affiliates to join their network.

Potential Vulnerabilities

Athlon Limited's extensive digital infrastructure and the sensitive nature of the data it handles make it an attractive target for ransomware groups like VanirGroup. The company's reliance on digital systems for fleet management, leasing services, and customer interactions could have provided multiple entry points for the attackers. Additionally, the integration of various mobility solutions and the handling of large volumes of data may have exposed vulnerabilities that were exploited during the attack.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time tracking of ransomware attacks, groups and their victims. Given threat actors' overarching, lucrative success so far, ransomware attacks have become the most ubiquitous cyber threat to businesses and organizations today, and the most impactful both financially and informationally.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.