Volvo said it is now aware that “one of its file repositories has been illegally accessed by a third party.” “Investigations so far confirm that a limited amount of the company’s R&D property has been stolen during the intrusion. Volvo Cars have earlier today concluded, based on information available, that there may be an impact on the company’s operation,” Volvo said in a statement. “After detecting the unauthorized access, the company immediately implemented security countermeasures including steps to prevent further access to its property and notified relevant authorities.” Volvo added that it is still in the process of investigating the incident and has hired a cybersecurity firm to help “investigate the property theft.” The attack did not have “an impact on the safety or security of its customers’ cars or their personal data,” the company noted in their statement. But they conditioned the statement by saying this was only based on their “currently available information.” Bleeping Computer reported that the Snatch ransomware group has claimed responsibility for the attack after adding the company to its leak site on November 30. The group already published a small portion of the documents they stole on their leak site. According to Sophos, the group has been active since 2018 and gained notoriety in 2019 for a novel trick where they were able to bypass antivirus software by rebooting an infected computer into Safe Mode and running the ransomware’s file encryption process from there. The group became known for buying access into victim networks and lurking for days and weeks, expanding their foothold in a company before initiating the ransomware process. The group also became well known as a ransomware gang that engaged in data theft in addition to encrypting victim networks. Erich Kron, security awareness advocate at KnowBe4, said most ransomware is spread through phishing emails or through exploiting RDP instances open to the internet, noting that this was a hallmark of Snatch. “The Snatch gang makes great use of RDP in infection and lateral movement within an organization. To defend against these attacks, organizations are wise to ensure employees are trained on the importance of using complex passwords and not reusing passwords with other accounts. Organizations should also be on high alert for brute force attempts against RDP,” Kron said.