The American multinational manufacturer and marketer of home appliances Whirlpool suffered a ransomware attack, Nefilim ransomware operators claim to have stolen data from the company and threaten to release the full dump if the company will not pay the ransom.
The leak comes after failed negotiations with the executives of Whirlpool.
The company markets multiple brands, including Whirlpool, Maytag, KitchenAid, JennAir, Amana, Gladiator GarageWorks, Inglis, Estate, Brastemp, Bauknecht, Ignis, Indesit, and Consul. Their website also mentions Diqua, Affresh, Acros, and Yummly brands.
The company has over 77,000 employees at 59 manufacturing & technology research centers worldwide and generated $20 billion in revenue for 2019.
During the weekend, the Nefilim ransomware operators published the first batch of data that includes documents related to employee benefits, accommodation requests, medical information requests, and other info.
“This leak comes after long negotiations and unwillingness of executives of Whirlpool Corporation to uphold the interests of their stakeholders. Whirpools cybersecurity is very fragile, which allowed us to breach their network for the second time after they stopped the negotiations.” states the message published by the ransomware gang on their leak site.
The Nefilim ransomware gang leaked a text file and a 7zip archive named Whirlpool_filelist.txt and Whirlpool_part1.7z respectively.
Bleeping Computer reported that the security breach took place in early December.
In October the Nefilim ransomware operators leaked a long list of files belonging to Italian eyewear and eyecare giant Luxottica.
Other victims of the ransomware gang are the mobile network operator Orange, the independent European leader in multi-technical services The SPIE Group, the German largest private multi-service provider Dussman Group, and the Toll Group.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
(SecurityAffairs – hacking, Whirlpool)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.