Ransomware Attack on iCar Asia by Kill Security Group

iCar Asia, a leading digital automotive platform in the ASEAN region, has recently fallen victim to a ransomware attack orchestrated by the notorious Kill Security group. The cybercriminals claim to have exfiltrated over 20,000 files containing sensitive vehicle information and customer data related to car inspections in Thailand. The attackers are demanding a ransom of €25,000, with a deadline set for August 26.

About iCar Asia

iCar Asia Limited (ASX:ICQ) is a prominent digital platform in the automotive sector, primarily serving Malaysia, Indonesia, and Thailand. The company connects car buyers and sellers, offering a comprehensive suite of services that encompasses the entire automotive journey. With over 8 million monthly users, iCar Asia has established itself as a leading online marketplace for vehicles. The company operates multiple websites and applications tailored to different markets, including Carlist in Malaysia, Mobil123 and OtoSpirit in Indonesia, and One2Car and AutoSpinn in Thailand.

iCar Asia employs advanced technology, including a Response Management System (RMS) that integrates with dealers' operations, allowing for better engagement and efficiency in managing customer inquiries and leads. The company also leverages machine learning and artificial intelligence to deliver personalized content and recommendations, enhancing user experience and increasing the likelihood of successful transactions.

Attack Overview

The ransomware attack on iCar Asia was claimed by the Kill Security group via their dark web leak site. The attackers have reportedly infiltrated the company's systems, exfiltrating over 20,000 files. These files include sensitive vehicle information and customer data related to car inspections in Thailand. The ransom demand is set at €25,000, with a deadline for payment.

About Kill Security Group

Kill Security, also known as KillSec, is a ransomware group that has targeted various industries and countries. The group is known for its extensive targeting and significant extortion amounts. They use a variety of communication channels, including Telegram, Session Messenger, and Tox, and conduct their operations using XMR (Monero) cryptocurrency. The group has been active in targeting sectors such as government, manufacturing, defense, professional services, banking, and finance.

Penetration and Vulnerabilities

While the exact method of penetration remains unclear, it is speculated that Kill Security could have exploited vulnerabilities in iCar Asia's systems. Given the company's extensive use of advanced technology and data-driven personalization, any lapses in cybersecurity measures could have provided an entry point for the attackers. The integration of various systems and the handling of large volumes of sensitive data make iCar Asia a lucrative target for ransomware groups.

Sources

• iCar Asia Official Website
• CIO Article on iCar Asia
• WatchGuard Ransomware Tracker
• ID Ransomware
• TechRadar Article on Kill Security