Professionally Organized Hacker Group
“The attack shows massive criminal intent”, confirmed Canyon founder and CEO Roman Arnold. “Due to the encryption of our IT infrastructure, work and business processes were temporarily massively affected. Apparently, this was perpetrated by a professionally organized group that specialize in attacking companies.” Not only was the Koblenz site directly affected, but all Canyon’s international companies were also hit. The only exception was the US branch, which operates on their own IT system. Canyon is one of the largest direct-to-consumer bike brands. The company relies on their online systems for orders as well as customer support. Fortunately, the website canyon.com has continued to run as usual and there has not been any impact on online orders. In the meantime, the attack has been identified and stopped.
Perpetrators Criminally Charged
Immediately after the cyberattack became known, Canyon Bicycles informed the responsible authorities. Since then, there has been close cooperation with both the Koblenz and State Criminal Investigation Department. In addition, Canyon has informed the state commissioner for Data Protection in Rhineland-Palatinate. “IT, forensic and cyber security experts were able to quickly analyze and control the attack and have already initiated solutions and countermeasures. Criminal charges will be filed against the perpetrators”, stated Roman Arnold.
No Mention of Ransomware
Canyon Bicycles made no reference to ransomware. Therefore, it is not known if a ransom has been demanded or if it has been paid. The manufacturer does expect delays in customer contact and deliveries. “We are making every effort to keep the impact as low as possible and to get back to normal operations as quickly as possible,” Roman Arnold concluded. In the European Cyber Safe Index, Germany came out as the most cyber safe European nation. The country has the highest number of anti-cybercrime legislation pieces in place and is also highly committed to tackling cybercrime. Nonetheless, this cyberattack again underlines the importance for businesses to improve their cybersecurity.