Security Lessons from the Nidec Ransomware Attack

Share this article
Share this article
Prioritise Us on Google
Muhammad Yahya Patel, CISO and Cybersecurity Advisor for EMEA at Huntress | Credit: LinkedIn
With US$2m at stake, the attack on Nidec show how criminals make their demands ‘easier to pay than to fight,’ says Muhammad Yahya Patel, vCISO of Huntress

Held at hostage point with a nasty ransomware attack is Japanese electronics manufacturer, the Nidec Group.

The ransom demand on the table is US$2m and sitting opposite is the Blackfield ransomware gang. 

“On Monday, June 22 2026, ransomware-originated damage was confirmed in part of Nidec Chaun Choung Technology’s server,” Nidec says in its initial ransomware report.

“Thereafter, to prevent the spread of the damage, emergency measures, including shutting down the affected server and network, were taken.”

The company says it promptly disclosed the incident to the authorities, external specialised agencies and launched an investigation to pinpoint the origin of the attack.

Nidec group has confirmed ransomware attack | Credit: Nidec

While the investigation is ongoing and a possibility of an information leak persists, Nidec notes that it did not find evidence of personal or confidential information that has been leaked.

Demands of the Blackfield ransomware gang

The manufacturing giant has been given more than 15 days to pay up the ransom and engage in negotiations, the lapse of which the gang may sell or publish the alleged stolen data.

Key figures
  • Ransom demand on the table is US$2m to be paid in 15 days
  • The company is given the option to extend the deadline by a day by paying US$5,000

The company also has the option to extend the deadline by a day if it ponies up US$5,000, as per the screenshot and reporting by Bleeping Computer.

Another link says the company can pay a lump sum of US$400,000 to immediately download the data.

The ransomware gang is demanding US$2m in ransom and has given 15 days to negotiate or pay up | Credit: Getty

Bleeping computer report and the screenshot also show that the threat actor has leaked a trove of documents they claim to be from Nidec, but the voracity of these has not been verified.

Impact: 'Easier to pay than to fight'

The company is still investigating the impact on its operations, which it confirms to disclose promptly if and when identified.

This is the pattern playing out across global manufacturing right now, critical infrastructure providers with complex international operations and legacy industrial systems are attractive targets precisely because the operational stakes are so high

Muhammad Yahya Patel, vCISO and Cybersecurity Advisor at Huntress

“The containment detail here matters and deserves credit,” says Muhammad Yahya Patel, vCISO & Cybersecurity Advisor at Huntress.

“Nidec confirmed the ransomware damage was isolated to part of Nidec Chaun Choung Technology's server, with emergency shutdown measures taken to prevent spread and stated that because this subsidiary operates an independent network unique to its group, the issue will not affect Nidec Corporation or other Nidec Group companies.

“That's a textbook example of network segmentation doing exactly what it's supposed to do,  limiting a breach to a contained blast radius rather than letting it cascade across a 100,000-employee, 40-country organisation.

Youtube Placeholder

“This is the pattern playing out across global manufacturing right now, critical infrastructure providers with complex international operations and legacy industrial systems are attractive targets precisely because the operational stakes are so high.”

Muhammed points out another interesting factor – the ransom itself, which in his words “looks almost modest set against Nidec's revenue,” a figure that exceeds US$17bn.

“The ransom figure should tell security leaders something,” he says.

“These groups are pricing their demands to be ‘easier to pay than to fight,’ banking on speed of resolution over maximum extraction.”

Muhammed notes that this incident puts back in spotlight supply chain concentration in critical components as a risk multiplier.

As the countdown still is in play, with no resolution in sight Nidec issues its regrets: “We deeply apologise to our shareholders, investors, business partners and others concerned for the tremendous anxiety that this matter must have caused.”

Company portals

Executives