Canyon Bicycles Revealed that Digital Attackers Accessed Its IT Systems
Canyon Bicycles revealed that malicious individuals succeeded in accessing its IT systems as the result of a digital attack.
The German bike manufacturer announced in a press release that the digital attack occurred shortly before the turn of the year.
For that attack, Canyon Bicycles explained that “a professionally organized group that specialize in attacking companies” accessed its IT systems. The malicious actors then moved on to encrypt and lock some of the manufacturer’s servers and software, thereby disrupting work and business processes not only at Canyon’s Koblenz site but also at all of its international companies. Only its U.S. company avoided disruption, as it operates its own IT system.
The attack did not affect Canyon’s website, however. It also didn’t prevent customers from placing orders via the company’s webs shop.
Upon learning of the attack, Canyon Bicycles contacted law enforcement and began cooperating with authorities on their investigation of the incident. They also notified the state commissioner for data protection in Rhineland-Palatinate as well as worked with forensics experts to control the attack and implement countermeasures.
Roman Arnold, Canyon founder and CEO, said that customers could face some delays as the company works to address the attack. As quoted by Pinkbike:
Unfortunately, we expect delays in customer contact and delivery in the next few days. We are making every effort to keep the impact on our customers and fans as low as possible and to get back to normal operations as quickly as possible. We regret this incident very much and apologize that Canyon is currently not able to offer its usual standard of service.
Canyon Bicycles did not clarify the method used by the digital attackers to encrypt its servers and software. That being said, organizations can take certain steps to protect themselves against ransomware, one of the most common means used by criminals to lock victims’ data. They can do this by preventing a ransomware infection in the first place using these recommendations.