In the beginning of December there was some scant information on the Internet saying that Volvo Car Corporation (VCC) had been hit by a ransomware attack. On 1st of December, a tweet on Twitter from a security researcher with the Twitter alias SecuNinja (@secuninja) posted that the Snatch ransomware group had claimed a successful hack on VCC and linked to the website DarkFeed, where the same short piece of information had been published the day before.

In weird English, there was also a post about it on saying:

“Snatch just recently we have published on its rising and today they have published Volvo cars as one of their victims”. The post was also dated November 30, 2021.

At that time (beginning of December) it was not really clear what had happened. Just that something had happened. And “speculations” is not the kind of news that we write about in this newsletter, and since nothing could be read about it at the VCC website, we thought we could give the potential cyberbreach some more time.

And time did tell. On December 10th Volvo disclosed in a press release that unknown attackers have stolen R&D information by hacking some of their servers. But no details on who performed the attack or if any payment have been requested has been disclosed by Volvo so far. Hence, whether a ransomware attack have been performed or not, by Snatch or any, is not confirmed. However, the press release states:

“After detecting the unauthorized access, the company immediately implemented security countermeasures including steps to prevent further access to its property and notified relevant authorities.”

At the time of writing, Snatch has not released any further evidence of access to any more data than the data Volvo confirmed to be exposed.

More information will probably be available once Volvo’s investigation, conducted by third-party security experts, comes to an end.

Written by Joakim Rosell