- Jaguar Land Rover suffered a cyber attack that disturbed production and retail, forced system’s shutdown and plant closures
- The violation was discovered in real time, which limits damage; No Customer Theft has been confirmed
- No group has assumed responsibility and the nature of the attack remains unclear, though ransomware or data theft is possible motives
Luxury car manufacturer Jaguar Land Rover (JLR) suffered a cyberattack that “seriously disturbed” its production and retail activities.
At its business site, it issued a short statement and confirmed the violation: “JLR has been affected by a cyber event,” the message reads. “We took immediate action to mitigate its influence by proactively closing our systems.”
In his report, the BBC says the disturbance affected two of its most important British plants. The attack took place last Sunday, and apparently the company’s defenders discovered it when it happened, reducing its influence. The effects were still felt across the company as workers at both the Halewood plant in Merseyside and the Solihull system were told to stay home on Monday. Those who checked in early were also sent home.
Restart of production
“We are now working in PACE to restart our global applications in a controlled way,” JLR continued. “At this point, there is no evidence that customer data has been stolen, but our retail and production activities have been seriously disturbed.”
At the same time, TATA Motors – JLR’s parent company – filed a new report to Bombay Stock Exchange, describing the attack as an “IT security incidence” causing global problems. National Crime Agency said, “We are aware of an incident affecting the Jaguar Land Rover and working with partners to better understand its influence.”
So far, no threat actors assumed responsibility for the attack, so we don’t know if this was a ransomware event or a simpler DataSmash-and-Grab. Usually, companies close parts of their IT infrastructure to include a ransomware strike as these encrypted end points and make them useless, while at the same time distinguishing sensitive data that is later used as leverage in the negotiations.
Still, many ransomware operators have moved past encryption systems, claiming that the process is too expensive, cumbersome and unreliable and focuses only on data ex -filtration.
Via BBC
