Sea-Doo is one of the most renowned manufacturers of summer watercraft. It was founded as Bombardier Sea-Doo in 1968.
RansomEXX launched a ransomware attack on the maker of some of the world's most popular jet skis. Bombardier Recreational Products, the group behind the Sea-Doo brand and maker of Ski-Doos, was victimized in the attack. Take a look at your local recreational water space on any given summer day, and you are sure to see at least one Ski-Doo. Let's examine how this unique breach occurred and who it impacted.
The cyberattack is the work of the aforementioned RansomEXX gang. Bombardier and other victims have described the ransomware group's digital offensive as malicious online activity. However, it appears as though the damage inflicted by RansomEXX attacks might be worse than initially characterized.
This breach occurred on August 8, 2022.
The breach is significant as it brought Ski-Doo production to a grinding halt. Furthermore, the breach also resulted in delaying sales and other transactions, ultimately making it challenging to grease the wheels of business between the company, its suppliers, and Ski-Doo customers. The breach impacted company operations in the United States, along with more than 100 other countries.
The hack accessed nearly 30 gigabytes of files. Examples of documents accessed in the attack include company contracts, supply agreements, identifications, passports, and even highly sensitive non-disclosure agreements.
Digital forensics analysis of the hack indicates customer data might not have been stolen. The key takeaway from this breach is that it is in your company's interest and also that of your own to add breach notifications and update them at least once per year.