[BreachExchange] Canyon Targeted by "Massive Cyber Attack" Over Christmas Period
Destry Winant
destry at riskbasedsecurity.com
Wed Jan 8 10:04:19 EST 2020
https://www.pinkbike.com/news/canyon-targeted-by-massive-cyber-attack-over-christmas-period.html
Canyon has announced it was struck by a "massive cyber attack" over
the Christmas break by a "professionally organized group". The attack
has now been identified and stopped and Canyon claim that the majority
of its software and servers are encrypted and therefore protected from
the attack. They do however, admit that it will result in some delays
in orders that have been placed through the website.
The attack shows massive criminal intent. Due to the encryption of our
IT infrastructure, work and business processes were temporarily
massively affected. Our Koblenz site was directly affected, as were
all our international companies with the exception of the US company,
as it operates its own IT system. Unfortunately, we expect delays in
customer contact and delivery in the next few days. We are making
every effort to keep the impact on our customers and fans as low as
possible and to get back to normal operations as quickly as possible.
We regret this incident very much and apologize that Canyon is
currently not able to offer its usual standard of service.—Roman
Arnold, Canyon founder and CEO
The local authorities and the state commissioner for datat protection
in Rhineland Platinate have been informed and Canyon indicate that
they will be filing charges against the perpetrators. Canyon has also
installed solutions and countermeasures based on an analysis of the
attack.
Press Release: Canyon
Shortly before the turn of the year, Canyon Bicycles GmbH became the
target of a massive criminal cyber attack. Apparently, this was
perpetrated by a professionally organized group that specialize in
attacking companies. The perpetrators succeeded in gaining access to
Canyon’s IT systems. Software and servers were encrypted and thus
locked in places. The website www.canyon.com was not affected: Orders
via the web shop could and continue to be placed as usual. Meanwhile,
the attack has been identified and stopped according to the current
state of knowledge.
Immediately after the cyber attack became known, Canyon informed the
responsible authorities. Canyon has been closely working with the
Koblenz criminal investigation department and the state criminal
investigation department since the date of the attack. In addition,
Canyon has informed the state commissioner for data protection in
Rhineland-Palatinate. Criminal charges will be filed against the
perpetrators. Experts from the fields of IT, forensics and cyber
security were able to quickly analyze and control the attack and have
already initiated solutions and countermeasures.
More information about the BreachExchange
mailing list