Gentex Corporation, a Michigan-based technology and manufacturing company, has confirmed that it suffered a data breach following an attack by the Dunghill ransomware gang. While it appears that the incident was not previously disclosed, TechTarget Editorial received an email on Tuesday, purportedly from a Dunghill operator, claiming that the group had breached Gentex. The email contained a link to a Tor site that allegedly contained 5 TB of sensitive corporate data. While TechTarget did not view or download the data, and therefore could not confirm its authenticity, they contacted Gentex for comment regarding the data leak, and the company confirmed the breach.
Craig Piersma, the Vice President of Marketing and Corporate Communications at Gentex, confirmed the data breach in an email statement to TechTarget, “Gentex is aware of the data breach that occurred several months ago, and we have communicated to all affected parties. It’s important to note that the breach has not had an impact on our operations.” However, it is unclear when the breach happened as Gentex has not responded to follow-up questions from the press.
Referring to themselves as “a group of computer specialists,” the Dunghill ransomware gang, which is a relatively new threat group, told TechTarget that it made the stolen data publicly available on the dark web. Two cybersecurity vendors highlighted Dunghill activity on Twitter last month that supported the claims. On April 18, threat intelligence vendor FalconFeeds discovered that Gentex had been added to Dunghill’s public leak site, which is used to pressure victims into paying ransom.
Though Dunghill did not tell TechTarget how it compromised Gentex or whether the attack included any encryption of the company’s systems, it did share an array of potentially stolen data, ranging from financial reports and nondisclosure agreements to client contracts and human resources information. The list also included IT infrastructure, access to databases, projects, and business agreements. As a technology manufacturer for the automotive and aerospace industries, Gentex produces a variety of electronics, camera systems, and sensor products.
Dunghill claimed that it has shared the stolen data with manufacturers from China, India, and the U.S. “because Gentex refused to cooperate.” It did not address whether those manufacturers were Gentex competitors, partners, or both.
Ransomware groups have recently escalated their extortion tactics. Operators are increasingly contacting competitors, members of the media, and even family members of victims to pressure organizations into paying. On top of that, gangs are also leaking highly sensitive photo and video footage exfiltrated during attacks.
Gentex is not the first company to fall victim to Dunghill ransomware gang. The gang has been active for a while, and some sources reveal that the group is footing a bill higher than ever. As such, these groups are gaining the audacity to be more daring and reckless in their approach to make sure there is a return on their heist.
It is particularly devastating for victims to suffer from a data breach caused by ransomware, as they not only lose their data but also face the threat of the data leaking to the public. Moreover, ransomware operators like the Dunghill group are exploiting new extortion tactics by leaking data to companies’ competitors, jeopardizing their reputations, and leading to even greater damage. Therefore, it is increasingly imperative for companies to invest in robust cybersecurity strategies in anticipation of such attacks to minimize their chances of succeeding in wreaking havoc on their business and ultimately safeguarding their clients’ data.