Car rental giant Sixt has been hit by a cyberattack. Non-essential systems were shut down in defence.

Germany’s Sixt rents out cars from over two thousand locations in more than 100 countries. On 29 April, the organization shut down parts of its IT infrastructure to prevent a cyberattack. Only essential systems remained accessible, including the website and mobile apps.

Sixt announced that disruptions for customers and employees are to be expected. The organization claims that the impact has been kept to a minimum. “We provided business continuity for customers”, shared a spokesperson. “However, temporary disruptions, in particular in customer care centers and selective branches, are likely to occur in the short term.”

According to German media, Sixt processed most car bookings with pen and paper on Friday morning. Some non-essential systems have been down since. Calling customers were met with an automated message. “Due to a technical problem, we are currently unavailable.”

Ransomware

Further details are scarce. Sixt announced that an investigation has been launched, but did not share any information on the method of the attack. The organization is asking customers for understanding and patience.

The attack has not yet been claimed by a known ransomware group. Nevertheless, the chances of ransomware are high. Website BleepingComputer speculates that ransomware groups are focusing on organizations like Sixt because of the upcoming tourist season. Vacationers are a huge source of income for car rental companies. Ransomware groups typically attack during busy periods to increase the potential damage to victims. The greater the harm, the quicker the ransom payment.

Tip: Ransomware is an APT, so you should treat it as such