Share this article on:
A prolific ransomware operator has said that it will post more than 800 gigabytes of data belonging to the Korean conglomerate Hanwha within seven days if a ransom isn’t paid.
LockBit 3.0 posted that it had the data on 8 September on its darknet leak site and shared a small number of sample documents to prove that the data is legitimate.
Hanwha is one of South Korea’s chaebols – large, family-run conglomerates. The company has interests in solar energy, aerospace, travel, and defence, and it currently has a US$3.4 billion market cap.
A leak from such a huge company may be major headline material, but the data so far on display – while interesting – isn’t quite the smoking gun that LockBit may think it is.
Only one document – which admittedly seems to be either a blueprint or layout of something – dates from a recent year, 2020, while the other seven documents date between 2009 and 2014. The documents also related to a division of Hanwha that no longer seems to exist, Hanwha SolarOne. Hanwha does have a solar energy business, operating under the Q Cell brand. None of the documents appear to mention the modern incarnation.
Included are details of shipping insurance, purchase agreements, and confidentiality contracts. Also included is a screenshot of the entire directory, with a number of folders that seem to contain financial, logistical, and human resources information. One of the folders is called “Sonarone”, so it is possible that the rest of the files could relate to more recent Hanwha operations.
The full size of the data is 864 gigabytes, for a total of 704,372 files, according to the screenshot.
The ransomware gang has not said what amount they hope to extort from its victim.
Cyber Security Connect has contacted Hanwha for comment.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.