Cyberattack on Continental

Date: Feburary 10, 2023

Continental was targeted by cybercriminals. The company was able to avert the attack early in August and restore the full integrity of its IT systems. Continental’s business activities were not affected at any point. The investigation of the incident has since revealed that despite established security measures, the attackers were also able to steal some data from the affected IT systems.

The investigation, conducted with the support of external cybersecurity experts, and the data analysis are still ongoing and are of the highest priority.

Key questions regarding the cyberattack will be updated on this page.

August 4, 2022: Continental detected anomalies in its IT system. With the help of cybersecurity experts, protection software was then deployed.
No attacker activity was detected in Continental’s systems from August 5, 2022, onward. Continental informed the investigative authorities about the situation on August 5, 2022.
The investigation into the incident indicated that the attackers first accessed Continental’s systems on July 1, 2022.
No encryption of Continental’s systems took place, and Continental’s business activities were not affected at any point.
Continental immediately initiated an investigation into the incident with the help of external experts.
The hacker group LockBit contacted Continental in mid-September. Continental subsequently broke off contact with the attackers.
On November 9, 2022, the hacker group LockBit offered to delete or sell the data on the dark web for $50 million. On November 29, 2022, this was reduced to $40 million.
On November 10, 2022, the hacker group LockBit also published a list of the data that it claimed to have in its possession. No detailed file contents were published.
Continental estimates that more than 40 terabytes of data were stolen. No file contents have been published to date.
Continental currently has no indication that data has been manipulated or products compromised.
Continental is working with the forensic experts of a renowned audit firm to carry out the technological data analysis.

Continental has refused to pay any ransoms on the grounds that this would only help fund continued attacks on the security of critical infrastructure such as utilities and hospitals, educational institutions and the economy.
This stance is also in line with existing recommendations by the Federal Office for Information Security, the Federal Criminal Police Office and the German government.
Furthermore, we would like to see a clear legal framework for dealing with cyberattacks and ransom demands. Organized crime must be fought rigorously with all means and laws available. We will also seek discussions with policymakers regarding these issues.

According to current information, the attackers managed to remain undetected for around four weeks.
This is not unusual, as experience shows that ransomware attacks remain undetected for several months on average. One of the reasons for this is that companies, especially large companies, exchange significant amounts of data. A data transfer of around 40 terabytes, as in the present case, is not immediately conspicuous due to the high daily data volumes.

Continental currently estimates that more than 40 terabytes of data were stolen.
The analysis will be conducted according to significance, on the basis of which selected file contents will then be reviewed in a next step.
When searching through the index file and when reviewing individual files, comprehensive legal frameworks need to be taken into account.
Due to the large data volume of 40 terabytes, this analysis will take some time.

Continental is informing its employees on an ongoing basis. For this purpose, there is a dedicated information page on the company’s intranet, where employees receive regular updates through a news ticker.
Determining the extent to which employee data has been affected is the subject of a comprehensive data analysis. Those affected will be informed in writing and according to GDPR requirements in the course of the investigation. Furthermore, town halls will be held at the affected locations, during which the employees will be informed in person.

The company regularly reviews the robustness of its defense systems and improves their protection. However, cybercriminals are developing increasingly sophisticated attack methods. Cyberdefense therefore amounts to a permanent race.

The investigation into the cyberattack and into the methods used by the attackers is still ongoing. Initial findings suggest that the attackers gained access to Continental’s systems using disguised malware inadvertently run by an employee.

Continental is in constant contact with national and international security and data protection authorities, with employee representatives and with other company stakeholders.
The company is investigating and assessing the extent to which data is affected. To this end, we are in continuous exchange with all those involved at various levels (e.g. specialists, IT, data protection). Continental is analyzing the stolen data with regard to sensitive personal content.
Continental is convinced that only by working together can we successfully combat the threat from cybercriminals. Accordingly, the company has a strong interest in joining forces and initiating coordinated steps and measures through the smooth exchange of information.
As the analysis of the stolen data has not yet been completed, Continental is currently unable to provide any further details on the consequences for potentially affected employees and other company stakeholders.

No further details on possible consequences can be provided at present.

Cyberattack on Continental

Q&A

Share: