Royal Enfield Targeted by Ransomware Attack: ShinyHunters & Scattered Spider Collaboration Details


Royal Enfield Falls Victim to Ransomware Attack

Royal Enfield, renowned worldwide for its iconic and stylish motorcycles, has recently found itself at the center of a ransomware attack. While official investigations are still ongoing, a hacker group has come forward with claims that the company’s servers were encrypted, and all data backups were destroyed. The attacker is reportedly demanding an undisclosed sum in exchange for a decryption key.

The hacker published details on a dark web forum, including a session ID on Tor, a qTox handle, and a Telegram contact, offering Royal Enfield just 12 hours to comply with the ransom demands. If the company fails to respond, the hacker is reportedly open to selling the stolen data to other interested parties.

To validate their claims, the hacker has shared screenshots of the stolen data, which appear to follow MITRE ATT&CK tactics, the framework that catalogues how cybercriminals carry out their attacks. In addition to encrypting the company’s systems, the hacker has likely exfiltrated sensitive data, further escalating pressure on Royal Enfield to pay up.

ShinyHunters and Scattered Spider Join Forces

The collaboration between two notorious cybercriminal groups—ShinyHunters and Scattered Spider—is raising alarms across the cybersecurity landscape. Both groups have long been responsible for significant cyberattacks, and now their union is expected to cause even more chaos.

Scattered Spider, known for its DragonForce Ransomware, and ShinyHunters, the group behind a recent attack on Salesforce, have joined forces to target public and private computer networks. This collaboration was uncovered in a recent report by ReliaQuest.

Both groups share a common method for infiltrating victims’ networks: Voice Phishing (Vishing). By exploiting human error, they manipulate individuals into granting access to sensitive systems, making their attacks more effective and harder to trace.

With law enforcement agencies like the FBI intensifying their efforts to take down these groups, it appears the criminals are banding together to maximize their impact before their infrastructure is dismantled. The two groups have now launched a new Telegram channel, Scattered Lapsu$ Hunters, in collaboration with the infamous Lapsus$ group. The channel presents itself as a Ransomware-as-a-Service (RaaS) provider, in competition with established ransomware groups like LockBit 3.0 and DragonForce.

Though the Telegram channel was swiftly banned within hours of its creation, the group quickly migrated to other platforms, including Signal and WhatsApp. In the coming weeks, the new collaboration is expected to unveil a breach forum where they will post victim details and authenticate their claims in cases of double extortion.


Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
