The LockBit ransomware gang claims to have compromised the network of Bridgestone Americas, one of the largest manufacturers of tires, and stolen data from the company. The Bridgestone Americas family of enterprises includes more than fifty production facilities and 55,000 employees throughout the Americas. LockBit operators plan to release the stolen data by March 15, 2022 if the company does not pay the ransom. On February 27, some company employees at Bridgestone’s La Vergne plant reported being sent home due to a possible cyber-attack. Bridgestone launched an investigation into the incident and hired a prominent consultant firm to understand the full scope and nature of the incident.
Ransomware continues to be one of the main threats to businesses in the cybersecurity space. Threat actors will not only encrypt files and hold them for ransom, but also exfiltrate data to further extort businesses by threatening to leak the data on their site. Having good endpoint detection with an EDR technology and a competent SOC to triage alerts, whether an internal team or a service like Binary Defense, is crucial to detect intrusions when they start and before the threat actors can pivot around the network environment and deploy ransomware. It is best to prevent initial access, which is most often gained by either phishing or by brute forcing applications exposed externally. If all else fails, it is important to have multiple backups and an incident response plan to get back up and running as soon as possible.