

Rewterz Threat Advisory – Multiple Cisco Webex Meetings Vulnerabilities
August 4, 2022
Rewterz Threat Update – Hackers Target Pakistan’s Internet Service Provider StormFiber Website
August 4, 2022
Severity
High
Analysis Summary
Semikron, an independent producer of power semiconductor components with headquarters in Germany, was the victim of a ransomware cyberattack. Semikron employs over 3,000 people across 24 subsidiaries in Germany, Brazil, China, France, India, Italy, Slovakia, and the United States. It also claims to be one of the world’s leading power engineering component manufacturers, with its technologies powering 35% of wind turbines installed each year.
The company confirmed that it was the victim of a cyberattack carried out by a professional hacker group.
“Professional cybercriminals carried out a ransomware attack on the SEMIKRON Group. The attackers claim to have stolen data from our system during this attack,” the company disclosed in a statement released on Monday.
According to the company, the attackers exfiltrated data from company systems before encrypting a portion of the internal network. The security breach is being investigated by the company with the assistance of external cyber security and forensic experts.
Although the corporation withheld details regarding the ransomware employed in the incident, a ransom note placed on one of the encrypted systems reveals that it was an LV Ransomware attack and claims the perpetrators stole 2TB worth of data.
The company also stated that it will keep customers and partners informed and collaborate with relevant authorities throughout the investigation and will notify them if any evidence of data theft is discovered.
Impact
Data Theft
System & File Encryption
Remediation
- Maintain cyber hygiene by keeping your anti-virus software updated and implementing a patch management lifecycle.
- Maintain Offline Backups – In a ransomware attack, the adversary will often delete or encrypt backups if they have access to them. That’s why it’s important to keep offline (preferably off-site), encrypted backups of data and test them regularly.
- Emails from unknown senders should always be treated with caution.
- Never trust or open links and attachments received from unknown sources/senders.
- Block all threat indicators at your respective controls.
- Search for indicators of compromise (IOCs) in your environment utilizing your respective security controls.
- Passwords – Ensure that general security policies are employed including: implementing strong passwords, correct configurations, and proper administration security policies.
- Admin Access – limit access to administrative accounts and portals to only relevant personnel and make sure they are not publicly accessible.
- WAF – Web defacement must be stopped at the web application level. Therefore, set up a Web Application Firewall with rules to block suspicious and malicious requests.
- Patch – Patch and upgrade any platforms and software timely and make it into a standard security policy. Prioritize patching known exploited vulnerabilities and zero-days.
- Secure Coding – Along with network and system hardening, code hardening should be implemented within the organization so that its websites and software are secure. Use testing tools to detect any vulnerabilities in the deployed code.
- 2FA – Enable two-factor authentication.
- Antivirus – Enable antivirus and anti-malware software and update signature definitions in a timely manner. Multi-layered protection is necessary to secure vulnerable assets.