German chipmaker Semikron falls victim to ransomware attack

4 Aug 2022

Image: © nimito/

A hacker group claims it stole 2TB of data from the semiconductor giant and used LV ransomware, a repurposed form of REvil malware.

Semiconductor manufacturer Semikron has been hit with a ransomware attack that partially encrypted its network.

The German company said the attack came from a “professional hacker group” that partially encrypted IT systems and files. The company is currently investigating and cleaning up its network in response, according to a statement published on 1 August.

The hackers also claim to have stolen data from Semikron. This claim is being investigated by the semiconductor giant, which said it will inform affected customers and partners when more information is available.

Semikron has 24 branches with eight production sites across Germany, Brazil, China, France, India, Italy, Slovakia and the US. The chip manufacturer says 35pc of the wind turbines installed annually are operated with its technology.

Repurposed REvil ransomware

Semikron has not confirmed if any data was stolen from the hackers. However, an alert was issued by the German Federal Office for Information Security saying the company is being blackmailed with threats to leak stolen data, according to BleepingComputer.

A ransom note deployed on one of Semikron’s systems that was seen by BleepingComputer said the attackers stole 2TB of data and used LV ransomware in the attack.

Research from cybersecurity firm Secureworks suggests this ransomware is a repurposed version of the REvil malware.

REvil is a ransomware-as-a-service cybergang linked to the Kaseya cyberattack and the JBS Foods ransomware incident last year.

Prevention-first mindset

Commenting on the Semikron attack, Sam Linford, vice-president at cybersecurity company Deep Instinct, said cyberattackers put decision-makers under “extreme pressure” to pay ransoms in order to decrypt their systems and stop data leaks.

“Unfortunately, this method is working,” Linford said. “Our research has shown that businesses paid an average of £3m in ransomware demands, and if threat actors know that this method is working, they will continue to use it.”

Linford added that too many organisations are taking a reactive approach when dealing with the threat of ransomware attacks.

“Organisations should be implementing a prevention-first mindset to stop ransomware attacks before they breach the network,” he said. “It is time we take a stand against cybercriminals and show that we have had enough.”

Ransomware gangs are continuing to target major manufacturers and critical infrastructure companies in Europe.

Creos, a natural gas and electricity network operator in Luxembourg, said it suffered a ransomware attack at the end of July, during which a “certain amount of data” was exfiltrated.

Ransomware gang BlackCat has claimed responsibility for the attack. Researchers believe this gang includes members of the group responsible for the Colonial Pipeline cyberattack that occurred last year.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic