German authorities are investigating a cyberattack on Continental, one of the world’s largest auto parts manufacturers. Although the organization initially said the attack was repelled, cybercriminals reportedly stole 40TB of data.

Continental has more than 190,000 employees in 58 countries. Last year, the organization posted sales of €33.8 billion. Like any other successful company, Continental is a target for cybercriminals. On August 24, 2022, the organization released a statement confirming its IT systems had been hit by a cyberattack.

Continental claimed that the attack had been repelled. In its own words, the organization took the steps necessary to ensure the data security of customers and partners. Continental claimed it had not found signs of data theft at the time. We now know that the situation is much more severe than the organization originally conveyed.

On Monday, November 7, Continental confirmed in a statement to German newspaper Handelsblatt that cybercriminals had stolen “a significant amount” of data. Today, a spokesperson of a German agency for cybercrime prevention informed Handelsblatt that the incident is under investigation.

LockBit lays claim

The spokesperson did not share details about the investigation, but it’s clear that German authorities are looking for answers.

On November 4, ransomware group LockBit laid claim to the attack. The group said it held stolen data from Continental and threatened to publish the data unless the organization met a ransom demand within 24 hours.

To back up its claim, the ransomware group shared a chat log showing alleged negotiators from Continental discussing ransom payments with the cybercriminals. According to LockBit, the negotiations took place over a period of multiple weeks.

It’s not clear whether Continental paid the ransom. Handelsblatt asked the organization to comment on LockBit’s claims. On November 7, Continental admitted that cybercriminals had stolen “a significant amount of data” during the September attack.

Continental withheld information

According to Handelsblatt, Continental has been aware of the severity of the incident for months. Nevertheless, the organization opted not to share any public updates on the attack. The only public statement was the initial announcement, in which Continental claimed that the attack had been repelled.

In reality, Handelsblatt writes, Continental was approached by LockBit in September. The ransomware group laid claim to the attack, demanded a ransom and threatened to publish the stolen data. In the same period, an investigation by Continental revealed that “the attackers were able to steal some of the data” despite established security measures.

Continental did not publicly disclose the results of the investigation at the time. The amount of information breached is unconfirmed to date. Handelsblatt believes the cybercriminals hold roughly 40TB of stolen data. “Each terabyte corresponds to about 6.5 million document pages”, the newspaper wrote.

Unanswered questions

Uncertainties aside, it’s clear that the attack led to data theft. Handelsblatt asked Continental to elaborate on the chat logs and communications provided by LockBit, but the organization declined to comment.

Many questions remain unanswered at this time. We don’t know how LockBit gained access to Continental’s systems. It’s unclear whether the stolen data contains personal information from companies and individuals outside of Germany.

The German government’s investigation is ongoing.