Wednesday, April 16, 2025
Latest:
The Register

US sensor giant Sensata admits ransomware derailed ops

TH Author

US sensor maker Sensata has told regulators that a ransomware attack caused an operational disruption, and that it’s still working to fully restore affected systems.

Sensata, which raked in $4 billion in revenue in 2023, said the ransomware attack took place on April 6 and has encrypted “certain devices” on its network. The biz offers sensors, “sensor-rich solutions,” and electrical protection kits used in mission-critical systems, and it boasts it ships “over a billion” devices a year [PDF].

The Attleboro, MA-headquartered company, whose products are used in a variety of contexts including electric vehicles, airplanes, renewable energy, and industrial equipment, actually mentioned the word “ransomware” in its Form 8-K. It’s a welcome rarity when it comes to cyber incident disclosures, although there is nothing on its website or social media pages highlighting the ongoing technical difficulties.

In the form, Sensata confirmed its operations are temporarily affected, including “shipping, receiving, manufacturing production, and various other support functions.” 

The outfit says it implemented containment measures – including proactively taking its network offline – launched an investigation with the help of third-party cybersecurity professionals, and rolled out interim measures to get some functions back online. But there’s no word yet on how well that’s going, or when full operations will resume.

It sounds like a classic double extortion scenario: devices were encrypted, and evidence files were taken – though the full scope of that is still under review. While this is standard operating procedure for most ransomware gangs, there’s no clear indication yet of who’s behind the attack.

No group has claimed responsibility for the attack at the time of writing, but typically it doesn’t take long for the the first threats of data leakage to be made after regulators and the public are informed. This is usually seen as a signal to the criminals that the victim isn’t willing to meet the ransom demands.

The double extortion model hinges on the criminals’ bet that a victim will pay to keep things quiet and avoid reputational fallout. If they cave and cough up the ransom, they’re promised a decryption key and assurances their stolen data won’t be leaked, although events don’t usually conclude as simply as that. Decryption tools can fail, and even if data isn’t published, there’s no reason to believe the crooks actually deleted their copies.

As for what files were stolen exactly, that still remains to be seen. Investigators likely have a vague idea but confirming everything takes time, and investigations into the stolen files remain ongoing.

Sensata filed its disclosure with the Securities and Exchange Commission (SEC) on April 9, and at the time of filing, it said it didn’t expect the ransomware attack to have a material impact on its upcoming financial results for the three months ended June 30, 2025. However, it added that the “full scope and impact of this incident is not yet known and could result in a future determination that the incident will be material to the Company’s financial statements and results of operations.”

Originally founded in 1916 as General Plate Company, a supplier to the jewelry industry, the business evolved through several corporate owners before becoming Sensata Technologies in 2006, following Bain Capital’s acquisition of Texas Instruments’ sensors and controls division.

Now, it manufactures an extensive array of sensors for various use cases. It produces pressure sensors, relays, temperature sensors, circuit breakers, tire management sensors, and more.

Given its importance in the supply chains of many industries such as aerospace, construction, defense, HVAC, manufacturing, and others, Sensata is exactly the type of company ransomware gangs love to target. 

If its operational disruptions continue for an extended period, the issues will then reverberate down the supply chains, putting pressure on the company to find a quick resolution. The crooks will, of course, use that as leverage to encourage it to pay their ransom demands. ®

READ MORE HERE