Security Lessons from the Nidec Ransomware Attack

Held at hostage point with a nasty ransomware attack is Japanese electronics manufacturer, the Nidec Group.
The ransom demand on the table is US$2m and sitting opposite is the Blackfield ransomware gang.
“On Monday, June 22 2026, ransomware-originated damage was confirmed in part of Nidec Chaun Choung Technology’s server,” Nidec says in its initial ransomware report.
“Thereafter, to prevent the spread of the damage, emergency measures, including shutting down the affected server and network, were taken.”
The company says it promptly disclosed the incident to the authorities, external specialised agencies and launched an investigation to pinpoint the origin of the attack.
While the investigation is ongoing and a possibility of an information leak persists, Nidec notes that it did not find evidence of personal or confidential information that has been leaked.
Demands of the Blackfield ransomware gang
The manufacturing giant has been given more than 15 days to pay up the ransom and engage in negotiations, the lapse of which the gang may sell or publish the alleged stolen data.
- Ransom demand on the table is US$2m to be paid in 15 days
- The company is given the option to extend the deadline by a day by paying US$5,000
The company also has the option to extend the deadline by a day if it ponies up US$5,000, as per the screenshot and reporting by Bleeping Computer.
Another link says the company can pay a lump sum of US$400,000 to immediately download the data.
Bleeping computer report and the screenshot also show that the threat actor has leaked a trove of documents they claim to be from Nidec, but the voracity of these has not been verified.
Impact: 'Easier to pay than to fight'
The company is still investigating the impact on its operations, which it confirms to disclose promptly if and when identified.
This is the pattern playing out across global manufacturing right now, critical infrastructure providers with complex international operations and legacy industrial systems are attractive targets precisely because the operational stakes are so high
“The containment detail here matters and deserves credit,” says Muhammad Yahya Patel, vCISO & Cybersecurity Advisor at Huntress.
“Nidec confirmed the ransomware damage was isolated to part of Nidec Chaun Choung Technology's server, with emergency shutdown measures taken to prevent spread and stated that because this subsidiary operates an independent network unique to its group, the issue will not affect Nidec Corporation or other Nidec Group companies.
“That's a textbook example of network segmentation doing exactly what it's supposed to do, limiting a breach to a contained blast radius rather than letting it cascade across a 100,000-employee, 40-country organisation.
“This is the pattern playing out across global manufacturing right now, critical infrastructure providers with complex international operations and legacy industrial systems are attractive targets precisely because the operational stakes are so high.”
Muhammed points out another interesting factor – the ransom itself, which in his words “looks almost modest set against Nidec's revenue,” a figure that exceeds US$17bn.
“The ransom figure should tell security leaders something,” he says.
“These groups are pricing their demands to be ‘easier to pay than to fight,’ banking on speed of resolution over maximum extraction.”
Muhammed notes that this incident puts back in spotlight supply chain concentration in critical components as a risk multiplier.
As the countdown still is in play, with no resolution in sight Nidec issues its regrets: “We deeply apologise to our shareholders, investors, business partners and others concerned for the tremendous anxiety that this matter must have caused.”





