Ongoing Pain for Shimano from Huge Malware Attack

Sakai, Japan

Cycling media around the world have been reporting on a malware attack that has seen thousands of confidential Shimano documents leaked to the public.

The source of these reports is this article in the tech website Escape Collective.

In case you don’t want to wade through that fairly long and detailed article, here’s a summary: A criminal hacking organisation called LockBit gained access to Shimano’s computer system, then threatened them with a ransom note to pay an undisclosed sum or have the documents released.

Shimano who are not commenting on the entire incident, apparently refused to pay and the hackers, after an unexplained delay, carried out their threat and released 4.5 terabytes of information.

The documents are reported to include confidential employee details, financial documents, client records and product development and technical information.

According to other sources, LockBit is one of the world’s most active ransomware attackers. Wikipedia says that in the USA alone between 2020 and 2023 LockBit made approximately 1,700 ransomware attacks and received US$91 million (A$137 million) in ransom payments.

Their victims have included a wide range of large corporations from Boeing to Continental. LockBit is believed to be based in Russia.

This story may not be over for Shimano as LockBit has threated further action.