SuperAlloy Industrial Company Ltd. (SAI) is an international company specializing in engineering and manufacturing lightweight metal products predominantly for the automotive industry. You may not recognize their name but might be driving around on their wheels, as SAI has produced lightweight forged aluminum wheels for McLaren, Ferrari, AMG, BMW, Jaguar, Daimler, and other manufacturers.
SAI is headquartered in Taiwan, but also has offices in the U.S., U.K., Germany, and Netherlands.
Yesterday, the Hive ransomware team added SAI’s name to their leak site, claiming that they encrypted SAI’s servers on June 21. The claim was accompanied by a file tree and a warning that SAI had three days to get in touch or Hive would disclose the firm’s data.
Applying Pressure
Hive shared their email chain with SAI with DataBreaches. The email provides some insight into Hive’s approach to pressuring its victims into paying and the extent to which they research their victims in order to apply specific pressure points. In this case, Hive has not emphasized the possible impact of any encrypted servers but appears to focus on the reputational harm, regulatory obligations, client and partner anger, and other negative consequences of any leak of what they claim is more than 1.5 TB of SAI’s data. In chronological order, Hive’s emails:
June 21, the same day that the servers were encrypted:
! ! ! DO NOT TRY TO DECRYPT OR CHANGE ENCRYPTED FILES ON YOUR COMPUTERS, IT WILL COMPLETELY DESTROY THEM ! ! !
Ladies and gentlemen! Attention, please! Your network has been breached!
We infiltrated your network and stayed there for 21 days (it was enough to
study all your documentation and gain access to your files and services),
encrypted your servers.Downloaded most important information with a total size over 1.51 Tb
Few details about information we have downloaded:
– contracts, nda and other agreements documents
– your company private info:
-budgets
-plans
-investments
-company bank statements
-other sensitive information– your customers companies info:
-contracts
-development files
-agreements
-emails
-contacts for “third party data leaks reports”
-nda’s
-other private information– blueprints
– development files
– material tests and upgrades
– assembly documentation
– other private informationWe studied your contracts and agreements carefully, and found out that sum of fines for data leak from your customers and partners will be much higher than the ransome price we offering you to pay.
You can find a file named “HOW_TO_DECRYPT.TXT” which contains instructions about how to contact us and return your files.
We offering you to enter into negotiations with us as soon is possible.
Please, do not forget that after the publication of this, you should expect court fines, both from your clients and from the regulator, and also a huge business reputation loss, with police investigation into your business. We also noticed that one of your board members is a Minister of Justice of the Republic of China aka Morley Shih Shih Mao-lin. We guess this situation will be extremely uncomfortable for this person.
IF YOU WILL REFUSE TO GET IN TOUCH WITH US WITH THE INSTRUCTIONS WE PROVIDED TO YOU WE WILL BE FORCED TO POST ALL YOUR DATA FOR FREE DOWNLOAD
Have a nice day.
! ! ! DO NOT TRY TO DECRYPT OR CHANGE ENCRYPTED FILES ON YOUR COMPUTERS, IT WILL COMPLETELY DESTROY THEM ! ! !
[Comment by DataBreaches: Morley Shih was Minister of Justice of the Republic of China in 2005-2008 but is not a minister at the present time. But if he was currently a Minister of Justice, wouldn’t that be more likely to result in a recommendation for the firm not to pay extortion?]
June 23, Hive emailed SAI again:
Good day. We noticed that you have read our messages but did not answer. Well, this is a bit sad since you have Annual Meeting scheduled 2022.06.27 09:00 AM. We offering you once again to negotiate with us. If you refuse to answer us again before this meeting, we will inform following contacts about your data loss:
– GreTai Securities Market
– Mega Securities, your stock agent
– investors
– government regulators
– social mass medias, FB IG WEIBO
– customersOnce again, ransom price we offering you to pay is much less then fines and huge reputation loss, minding the fact that your shares are trading on
taiwan stock market under code 1563.
June 24, Hive emailed SAI again:
You really don’t understand the situation.
We are a large and well-to-do team. Our turnover for the last year exceeded $300M.
We have thoroughly studied your company as well as financial documents. And we estimated the losses that the company will incur if all downloaded data is published.
Firstly, we will send all your employees and clients instructions on where
and why they should contact in connection with the leak of their personal
data.Secondly, since you have not officially announced the leakage of personal
data, we will inform the regulator. And you will be fined accordingly.Thirdly, from your databases we will collect the email addresses of all your partners and also notify them that you do not know how to keep confidential information.
Continue further? I think even these 3 points can ruin your business
forever. A business reputation is earned over the years and it can be lost
in a matter of hours[Hive’s onion URL redacted by DataBreaches]
Google about our team.
June 28, after listing SAI on their leak site, Hive sent one more email addressed to five SAI executives:
We have disclosed you on our website.
[Onion link redacted by DataBreaches.net]
But you still have time till July 4th to make an agreement with us and stop data leak.
DataBreaches submitted an inquiry to SAI yesterday morning but received no reply.
When asked if Hive received any replies at all from SAI, Hive’s spokesperson informed DataBreaches that someone from SAI did show up in chat and found out how much ransom was being demanded. Since then, there has reportedly been no contact or response by the firm.
This post will be updated when more information becomes available.