LockBit Ransomware Strikes Eicher Motors: A Detailed Analysis

Incident Date: Jul 05, 2024

Attack Overview

VICTIM

Eicher Motors Limited (EML)

INDUSTRY

Manufacturing

LOCATION

India

ATTACKER

Lockbit

FIRST REPORTED

July 5, 2024

Request Removal

Analysis of the LockBit Ransomware Attack on Eicher Motors Limited

Company Profile: Eicher Motors Limited

Eicher Motors Limited (EML), headquartered in New Delhi, India, is a significant player in the global automotive industry, particularly known for its Royal Enfield brand motorcycles. Founded in 1948 and incorporated in 1982, EML stands out in the Indian market with a market cap of ₹944.24 billion and a workforce exceeding 5,000 employees. The company operates in over 60 countries, producing not only motorcycles but also commercial vehicles through its joint venture with Volvo, VE Commercial Vehicles Limited (VECV). EML's commitment to innovation, quality, and sustainability has solidified its reputation in both domestic and international markets.

Details of the Ransomware Attack

The ransomware group LockBit has targeted Eicher Motors Limited, compromising sensitive data including personally identifiable information (PII) and confidentiality agreements. The attack was publicized through LockBit's dark web leak site, setting a ransom deadline of July 23, 2024. This incident highlights significant vulnerabilities within EML's cybersecurity measures, potentially involving compromised Remote Desktop Protocol (RDP) services or unsecured network shares, which are common entry points exploited by this ransomware group.

Profile of the Ransomware Group: LockBit

LockBit, active since September 2019, has emerged as one of the most prolific ransomware-as-a-service (RaaS) groups. Known for its modular ransomware that encrypts payloads to evade detection, LockBit uses RSA-2048 and AES-256 encryption algorithms. The group is notorious for its "double extortion" tactic, threatening to release stolen data if ransoms are not paid. LockBit primarily demands payment in Bitcoin, with amounts varying based on the perceived value of the encrypted data and the financial capacity of the victim.

Potential Entry Points and System Vulnerabilities

The specific vector used by LockBit to infiltrate EML's systems has not been disclosed. However, LockBit's known methodologies include exploiting vulnerabilities in RDP services and unsecured network shares. Additionally, the group's capability to perform lateral movements across a network suggests that EML's network segmentation and endpoint security measures were insufficient to contain the spread of the ransomware. The absence of robust Endpoint Detection and Response (EDR) and Network Detection and Response (NDR) systems may have also contributed to the severity of the breach.

Sources

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

Let's get started

First Name

Last Name

Phone Number

Buying Timeframe

halcyon.ai is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:

I agree to receive other communications from halcyon.ai and acknowledge Halcyon's privacy policy.

You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit below, you consent to allow halcyon.ai to store and process the personal information submitted above to provide you the content requested.

Back

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.