Nidec Corporation, a major Japanese manufacturer of automotive and industrial components with roughly $17 billion in annual revenue, has confirmed it was hit by a ransomware attack. The Blackfield group has claimed responsibility and is demanding a $2 million ransom.
The ransom demand is relatively modest for a company of Nidec’s size, which is notable. Attackers increasingly set ransom amounts based on an estimate of what a victim is likely to pay quickly to avoid operational disruption and reputational fallout, rather than scaling demands strictly to revenue or company size. A lower, “easier to justify paying” demand can also reduce scrutiny and internal debate on the victim’s side, increasing the odds of a fast payout.
As a components supplier to the automotive and industrial sectors, Nidec’s operations sit inside multiple manufacturing supply chains. A ransomware-driven disruption to production or shipping schedules can cascade to downstream customers well beyond Nidec itself, which is likely part of the leverage the attackers are counting on.
Details on the initial access vector and scope of encrypted or exfiltrated data haven’t been disclosed. Organizations in manufacturing and supply chain roles should treat this as a reminder to validate offline, tested backups for production and ERP systems, and to have a documented decision process for ransom scenarios in place before an incident occurs, not during one.