Three criminals around a laptop, one holding a key to lock the device.

Hoya Optics Hit By $10 Million Ransomware Attack

Hoya Corporation fell victim to a recent cyberattack executed by the ‘Hunters International’ ransomware group. The attackers threatened to reveal the stolen files if they weren’t paid, demanding a $10 million ransom for a file decryptor.

A well-known Japanese manufacturer, Hoya focuses on electrical components, medical equipment, and optical devices. With a presence all over the world, it has 160 offices and businesses in more than 30 countries, backed by a global network of 43 state-of-the-art laboratories.

The business claimed that it had discovered cosplay an “IT system incident” at one of its foreign operations on March 30. Following the early engagement of external forensic investigators, their conclusions indicate that the event was most likely caused by unauthorised third-party access to the company’s systems.

Hoya disclosed the incident after the attack caused manufacturing and order processing to be disrupted across multiple divisions. Although the exact scope of the data breach is yet unknown, Hoya is looking into possible illegal access to sensitive data within its networks.

According to reports initially published by LeMagIT, Hunters International has purportedly demanded a $10 million ransom to stop the release of an estimated 1.7 million stolen files, totalling 2 TB of data. Still, no data have appeared on the Hunters International website, and the attackers of Hoya have not yet acknowledged their actions in public.

Hunters International's Ransom Demand for Hoya
Hunters International’s Ransom Demand for Hoya (LeMagIT)

Hunters International made clear via its activities with Hoya that they do not engage in negotiations with specific victims. A negotiator made an unsuccessful offer of $4 million, but the uncompromising cybercriminal rejected it.

In the middle of 2023, Hunters International, a ransomware-as-a-service (RaaS) organisation, appeared. There may be an update because of the similarities between its encryptor code and the Hive ransomware. Hunters International strongly denies any connection to the Hive organisation, even considering these similarities. They say they bought the website and software from an old ransomware company.

The company has not published any updates on its business status since April 4, 2024. It is expected that production is still disrupted, and remediation attempts are ongoing.

Most likely, to stop the ransomware from spreading throughout the network, Hoya’s IT security staff isolated the hacked systems. This response might have included shutting down servers, unplugging infected devices, or segmenting the network.

Hoya cyberattack highlights the growing severity and financial toll of ransomware attacks. Even major multinational organisations are vulnerable to such attacks even after putting strong security measures in place.

It is important to take proactive measures to identify and fix vulnerabilities, as well as improve employees’ cybersecurity best practices training. Strong incident response strategies are critical for mitigating the risk of future cyberattacks.

Phishing Tackle offers a free 14-day trial to help train your users to avoid these types of attacks and test their knowledge with simulated attacks using various attack vectors. By focusing on training your users to spot these types of attacks, rather than relying solely on technology, you can ensure that your organisation is better prepared to defend against cyber threats and minimise the impact of any successful attacks. 

Recent posts