- Tesla’s China-based competitor NIO suffers a cybersecurity breach with attackers demanding $2.25 million worth of Bitcoin.
- NIO has promised to take full responsibility for any resultant losses to customers and is working with the government to investigate the incident.
Chinese electric vehicle manufacturer NIO has reported that it suffered a ransomware attack. The company revealed this through a press release.
It stated that it was made aware that certain of its user information was sold on the internet by third-parties for illegal purposes on Dec. 20. This included data on its vehicle sales in China before August 2021.
The Chinese Tesla competitor added that it is doing everything possible to support its customers through the cybersecurity breach. It has set up a dedicated support line and a support email to handle all complaints. It is also working with government authorities to investigate the incident.
“NIO deeply regrets this incident happened, and is doing everything possible to support its users. NIO continues to work with governmental authorities to investigate the incident and implement necessary measures to contain potential damages. NIO reaffirms its commitment to protecting data security and privacy of its users,” it said in the press release.
Meanwhile, reports indicate that the attackers requested payment in Bitcoin (BTC) to restore access to the company’s compromised files. According to an Economic Times report, the malicious actors emailed the company demanding $2.25 million worth of bitcoin. The attackers also claimed that they had Nio’s internal data.
Bitcoin-related ransomware attacks on the increase?
The attack is coming at a time when China is working to ensure all organizations improve their cyber security. Reuters reported in September that China was seeking to increase penalties for firms that violate cyber security laws.
At the time, the Cyberspace Authority of China (CAC) proposed to raise fines for some violations from 100,000 yuan ($14,371) to 1 million yuan. The changes China has been making to its cybersecurity laws over the years have impacted how companies handle user information greatly in the country.
Meanwhile, Bitcoin-related ransomware attacks appear to be getting more rampant globally. Earlier this month, All India Institute of Medical Sciences (AIIMS), was hit with a severe ransomware attack. The attackers demanded $24.5 million worth of crypto from the Delhi-based medical and research university according to reports.
Experts make certain recommendations for companies to take to avoid falling victim to such attacks. Bill Siegel, co-founder and CEO of ransomware incident response firm Coveware, says an ideal strategy is to move from on-premises servers and backups to the cloud.
He wrote in a Banking Info Security piece that doing so outsources availability, uptime and security to the SaaS vendor. It also facilitates better backup and recovery if something does happen, he added. This comes in handy, especially for healthcare facilities, he noted.