Business Continuity Management / Disaster Recovery , Cybercrime , Cybercrime as-a-service
LockBit Ransomware Gang Reportedly to Leak Bridgestone DataBridgestone Says an Investigation of 'Potential Incident' Is Underway
The ransomware-as-a-service group LockBit 2.0 has claimed that it will leak all the stolen data from an attack on tire manufacturer Bridgestone Americas. The attack reportedly came to light in late February, which led to the disruption of some plant operations.
At that time, the company acknowledged that a few employees at Bridgestone's La Vergne plant in Tennessee were sent home, and the company is currently investigating a potential information security incident.
"Since learning of the potential incident in the early morning hours of February 27, we have launched a comprehensive investigation to quickly gather facts while working to ensure the security of our IT systems. Out of an abundance of caution, we disconnected many of our manufacturing and retreading facilities in Latin America and North America from our network to contain and prevent any potential impact," Bridgestone said in a media statement.
The company employs around 140,000 people globally and conducts business in more than 150 countries and territories worldwide.
A spokesperson for the company was not immediately available to comment.
Last month, federal authorities warned healthcare and public health sector entities about potential threats posed by the LockBit 2.0, despite the cybercrime gang's claim that it does not target healthcare organizations.
The warning from the U.S. Department of Health and Human Services Health Sector Cybersecurity Coordination Center comes on the heels of an FBI "flash alert" issued on Feb. 4 providing advice for organizations across all sectors of the latest LockBit 2.0 activities along with indicators of compromise (see: HHS Warns Health Sector About LockBit 2.0 Threats - Again).
LockBit 2.0 operates as an affiliate-based ransomware as a service and employs a wide variety of tactics, techniques and procedures, creating significant challenges for defense and mitigation.
Investigation in Progress
On Friday, BleepingComputer reportedly received a response from Bridgestone Americas and was told that the company is engaged with Accenture Security to investigate and understand the full scope and nature of the incident."
In addition, while acknowledging the ransomware attack, the company says that it is analyzing to determine what data was stolen. The company says that the ransomware attackers removed all the data from a limited number of Bridgestone systems.
A Twitter user named Soufiane Tahiri confirmed that LockBit ransomware had added Bridgestone America to its victim list.
#Lockbit #ransomware added Bridgestone America @BridgestoneUS to their victim list.@SOSIntel @ransomwaremap @campuscodi @cyber_etc pic.twitter.com/NmmlOK2ZF9— Soufiane Tahiri (@S0ufi4n3) March 10, 2022
"We are committed to conducting a swift and decisive investigation to determine as quickly as possible what specific data was taken from our environment. Bridgestone treats the security of our teammates, customers, and partners' information with the utmost importance," said Bridgestone's statement reported by BleepingComputer.
The company also says that it will continue to work on mitigating potential harm from these types of incidents and to further enhance its cybersecurity measures as recommended by internal and external security advisers.