Nidec Corporation Hit by Everest in Third 2024 Ransomware Attack

Incident Date: Aug 08, 2024

Attack Overview
Victim: Nidec Corporation
Industry: Manufacturing
Location: Japan
Attacker: Everest
First Reported: August 8, 2024

Nidec Corporation Targeted by Everest Ransomware Group

Nidec Corporation, a global leader in motion control technology, has reportedly fallen victim to a ransomware attack orchestrated by the Everest ransomware group. The attackers have leaked a screenshot of the exfiltrated file tree and issued a stern ultimatum, giving the company 24 hours to make contact using the provided instructions. Failure to comply, they warn, will result in the public release of all stolen data.

About Nidec Corporation

Nidec Corporation, headquartered in Kyoto, Japan, is a prominent global manufacturer specializing in the development, manufacturing, and sales of a wide range of motor products. Established in 1973, the company has grown to become a leader in the motor industry, with a diverse product lineup that serves various sectors, from consumer electronics to automotive applications. As of March 31, 2023, Nidec reported a consolidated revenue of approximately 2,348 billion yen and employs about 101,112 individuals globally.

Attack Overview

This incident marks the third ransomware attack targeting Nidec, with two previous attacks in 2024 confirmed on their website, attributed to different cybercriminal gangs. As of now, Nidec has not confirmed the details of this latest August attack. The Everest ransomware group has a history of targeting high-profile victims and has listed nearly 100 organizations on its dark web leak site.

About Everest Ransomware Group

The Everest Ransomware Group is a notorious cybercriminal organization active since at least December 2020. Initially starting as a data exfiltration outfit, Everest transitioned into a ransomware operator. The group employs a combination of legitimate compromised user accounts and Remote Desktop Protocol (RDP) for lateral movement. It uses AES and DES algorithms to encrypt files, adding the “.EVEREST” extension to the encrypted files. The attackers then display a ransom message containing instructions on how to contact them and pay the ransom to obtain the decryption key.
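
The two behaviors described above, RDP lateral movement with valid accounts and files gaining the ".EVEREST" extension, can be expressed as detection logic. The Python below is an added example, not code from the original article: the normalized event schema, field names, thresholds, and sample events are all assumptions constructed for illustration. It flags an account that opens RDP sessions on several hosts within a short window, and flags the first ".EVEREST" file seen on a host together with the accounts that had logged in to that host over RDP.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

FANOUT_HOSTS = 3                 # assumed threshold: distinct RDP targets per account
WINDOW = timedelta(minutes=30)   # assumed sliding window

# Constructed sample events in an assumed normalized schema (not real telemetry).
# event_id 4624 with logon_type 10 is a Windows RemoteInteractive (RDP) logon;
# event_id 11 is a Sysmon FileCreate event.
SAMPLE = r"""
{"ts":"2024-01-01T02:00:00","host":"WS01","event_id":4624,"logon_type":10,"user":"jdoe"}
{"ts":"2024-01-01T02:05:00","host":"FS01","event_id":4624,"logon_type":10,"user":"jdoe"}
{"ts":"2024-01-01T02:06:00","host":"WS02","event_id":4624,"logon_type":3,"user":"asmith"}
{"ts":"2024-01-01T02:12:00","host":"DB01","event_id":4624,"logon_type":10,"user":"jdoe"}
{"ts":"2024-01-01T02:20:00","host":"WS02","event_id":11,"path":"C:\\Users\\asmith\\notes.txt"}
{"ts":"2024-01-01T02:40:00","host":"FS01","event_id":11,"path":"D:\\share\\q3.xlsx.EVEREST"}
{"ts":"2024-01-01T02:41:00","host":"FS01","event_id":11,"path":"D:\\share\\q4.xlsx.everest"}
{"ts":"2024-01-01T09:00:00","host":"HR01","event_id":4624,"logon_type":10,"user":"bob"}
"""

def detect(jsonl):
    events = [json.loads(l) for l in jsonl.splitlines() if l.strip()]
    for e in events:
        e["ts"] = datetime.fromisoformat(e["ts"])
    events.sort(key=lambda e: e["ts"])

    rdp_by_user = defaultdict(list)   # user -> [(ts, host)]
    rdp_by_host = defaultdict(set)    # host -> users seen logging in over RDP
    flagged_users, flagged_hosts, alerts = set(), set(), []
    for e in events:
        if e["event_id"] == 4624 and e.get("logon_type") == 10:
            user = e["user"].lower()
            rdp_by_user[user].append((e["ts"], e["host"]))
            rdp_by_host[e["host"]].add(user)
            recent = {h for t, h in rdp_by_user[user] if e["ts"] - t <= WINDOW}
            if len(recent) >= FANOUT_HOSTS and user not in flagged_users:
                flagged_users.add(user)
                alerts.append(("rdp_fanout", user, tuple(sorted(recent))))
        elif e["event_id"] == 11 and e.get("path", "").lower().endswith(".everest"):
            if e["host"] not in flagged_hosts:   # one alert per host
                flagged_hosts.add(e["host"])
                users = tuple(sorted(rdp_by_host[e["host"]]))
                alerts.append(("everest_extension", e["host"], users))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The extension match is case-insensitive, and the network logon (type 3) and the single-host RDP session are deliberately left unflagged.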

Penetration and Vulnerabilities

Everest ransomware could have penetrated Nidec's systems through various means, including phishing attacks, exploiting vulnerabilities in outdated software, or using compromised user accounts. The group's increasing activity as an Initial Access Broker (IAB) suggests that they may have sold backdoors into Nidec's systems to other criminals, facilitating the attack.
