{ "id": "17bfb26c-c5ae-4e53-9b85-1e5555afe6d8", "created_at": "2026-04-06T00:09:58.121424Z", "updated_at": "2026-04-10T13:12:41.997431Z", "deleted_at": null, "sha1_hash": "763ba41447d3c762cfddb106585e312757314ccf", "title": "LockBit ransomware claims attack on Continental automotive giant", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 2631613, "plain_text": "LockBit ransomware claims attack on Continental automotive giant\r\nBy Sergiu Gatlan\r\nPublished: 2022-11-03 · Archived: 2026-04-05 19:43:42 UTC\r\nThe LockBit ransomware gang has claimed responsibility for a cyberattack against the German multinational automotive\r\ngroup Continental.\r\nLockBit also allegedly stole some data from Continental's systems, and they are threatening to publish it on their data leak\r\nsite if the company doesn't give in to their demands within the next 22 hours.\r\nThe gang has yet to make any details available regarding what data it exfiltrated from Continental's network or when the\r\nbreach occurred.\r\nhttps://www.bleepingcomputer.com/news/security/lockbit-ransomware-claims-attack-on-continental-automotive-giant/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/lockbit-ransomware-claims-attack-on-continental-automotive-giant/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nRansomware gangs commonly publish data on their leak sites as a tactic to scare their victims into negotiating a deal or into\r\nreturning to the negotiation table.\r\nSince LockBit says that it will publish \"all available\" data, this indicates that Continental is yet to negotiate with the\r\nransomware operation or it has already refused to comply with the demands.\r\nContinental entry on Lockbit's data leak site (BleepingComputer)\r\nBreached in an August cyberattack\r\nContinental's VP of Communications \u0026 Marketing, Kathryn Blackwell, didn't confirm LockBit's claims and would not share\r\nany details regarding the attack when BleepingComputer reached out but, instead, linked to a press release from August 24\r\nregarding a cyberattack that led to a breach of Continental's systems.\r\n\"Please see the statement we have issued on this topic. Unfortunately, I cannot provide you with any further details,\"\r\nBlackwell told BleepingComputer.\r\nAccording to the press release, the company detected a security breach in early August after attackers infiltrated parts of its\r\nIT systems.\r\n\"Immediately after the attack was discovered, Continental took all necessary defensive measures to restore the full integrity\r\nof its IT systems,\" Continental said.\r\n\"With the support of external cybersecurity experts, the company is conducting an investigation into the incident. The\r\ninvestigation is ongoing.\"\r\nThe automotive multinational is yet to share its findings. Blackwell also refused to link the August cyberattack to LockBit's\r\nclaims and told BleepingComputer that she \"cannot provide any further detail at this time.\"\r\nContinental reported sales of €33.8 billion in 2021, and it employs more than 190,000 people across 58 countries and\r\nmarkets.\r\nThe LockBit ransomware gang\r\nLockBit ransomware first surfaced in September 2019 as a ransomware-as-a-service (RaaS) operation. It relaunched as the\r\nLockBit 2.0 RaaS in June 2021 after ransomware groups were banned on cybercrime forums [1, 2].\r\nIn February, the FBI released a flash alert containing LockBit indicators of compromise and asking organizations breached\r\nby the gang to report any incidents urgently.\r\nSeveral months later, in June, LockBit released 'LockBit 3.0' and introduced Zcash cryptocurrency payment options, new\r\nextortion tactics, as well as the first ransomware bug bounty program.\r\nhttps://www.bleepingcomputer.com/news/security/lockbit-ransomware-claims-attack-on-continental-automotive-giant/\r\nPage 3 of 4\n\nEarlier this year, LockBit also claimed ransomware attacks on the Italian Internal Revenue Service and digital security giant\r\nEntrust. In 2021, Fortune 500 company Accenture also confirmed it was breached after the gang asked for a $50 million\r\nransom not to leak data stolen from its network.\r\nHowever, LockBit's claims that they breached Mandiant were dismissed by the cybersecurity company and proved to be\r\nnothing more than an attempt to distance itself from the Evil Corp cybercrime gang following a Mandiant report linking the\r\ntwo.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/lockbit-ransomware-claims-attack-on-continental-automotive-giant/\r\nhttps://www.bleepingcomputer.com/news/security/lockbit-ransomware-claims-attack-on-continental-automotive-giant/\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://www.bleepingcomputer.com/news/security/lockbit-ransomware-claims-attack-on-continental-automotive-giant/" ], "report_names": [ "lockbit-ransomware-claims-attack-on-continental-automotive-giant" ], "threat_actors": [ { "id": "50068c14-343c-4491-b568-df41dd59551c", "created_at": "2022-10-25T15:50:23.253218Z", "updated_at": "2026-04-10T02:00:05.234464Z", "deleted_at": null, "main_name": "Indrik Spider", "aliases": [ "Indrik Spider", "Evil Corp", "Manatee Tempest", "DEV-0243", "UNC2165" ], "source_name": "MITRE:Indrik Spider", "tools": [ "Mimikatz", "PsExec", "Dridex", "WastedLocker", "BitPaymer", "Cobalt Strike" ], "source_id": "MITRE", "reports": null }, { "id": "b296f34c-c424-41da-98bf-90312a5df8ef", "created_at": "2024-06-19T02:03:08.027585Z", "updated_at": "2026-04-10T02:00:03.621193Z", "deleted_at": null, "main_name": "GOLD DRAKE", "aliases": [ "Evil Corp", "Indrik Spider ", "Manatee Tempest " ], "source_name": "Secureworks:GOLD DRAKE", "tools": [ "BitPaymer", "Cobalt Strike", "Covenant", "Donut", "Dridex", "Hades", "Koadic", "LockBit", "Macaw Locker", "Mimikatz", "Payload.Bin", "Phoenix CryptoLocker", "PowerShell Empire", "PowerSploit", "SocGholish", "WastedLocker" ], "source_id": "Secureworks", "reports": null }, { "id": "9806f226-935f-48eb-b138-6616c9bb9d69", "created_at": "2022-10-25T16:07:23.73153Z", "updated_at": "2026-04-10T02:00:04.729977Z", "deleted_at": null, "main_name": "Indrik Spider", "aliases": [ "Blue Lelantos", "DEV-0243", "Evil Corp", "G0119", "Gold Drake", "Gold Winter", "Manatee Tempest", "Mustard Tempest", "UNC2165" ], "source_name": "ETDA:Indrik Spider", "tools": [ "Advanced Port Scanner", "Agentemis", "Babuk", "Babuk Locker", "Babyk", "BitPaymer", "Bugat", "Bugat v5", "Cobalt Strike", "CobaltStrike", "Cridex", "Dridex", "EmPyre", "EmpireProject", "FAKEUPDATES", "FakeUpdate", "Feodo", "FriedEx", "Hades", "IEncrypt", "LINK_MSIEXEC", "MEGAsync", "Macaw Locker", "Metasploit", "Mimikatz", "PayloadBIN", "Phoenix Locker", "PowerShell Empire", "PowerSploit", "PsExec", "QNAP-Worm", "Raspberry Robin", "RaspberryRobin", "SocGholish", "Vasa Locker", "WastedLoader", "WastedLocker", "cobeacon", "wp_encrypt" ], "source_id": "ETDA", "reports": null }, { "id": "6c4f98b3-fe14-42d6-beaa-866395455e52", "created_at": "2023-01-06T13:46:39.169554Z", "updated_at": "2026-04-10T02:00:03.23458Z", "deleted_at": null, "main_name": "Evil Corp", "aliases": [ "GOLD DRAKE" ], "source_name": "MISPGALAXY:Evil Corp", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434198, "ts_updated_at": 1775826761, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/763ba41447d3c762cfddb106585e312757314ccf.pdf", "text": "https://archive.orkl.eu/763ba41447d3c762cfddb106585e312757314ccf.txt", "img": "https://archive.orkl.eu/763ba41447d3c762cfddb106585e312757314ccf.jpg" } }