Semikron, a German manufacturer that produces semiconductors for electric vehicles and industrial automation systems, has confirmed it has fallen victim to a cyberattack that has resulted in data encryption.
“Semikron is already in the process of dealing with the situation so that workflows and all related processes can continue without disruption for both employees and customers as soon as possible,” a Semikron spokesperson told TechCrunch.
Semikron declined to disclose the nature of the cyberattack, but all signs point to ransomware. The semiconductor maker said in a statement that hackers claim to have “exfiltrated data from our system,” adding that the incident has led to a “partial encryption of our IT systems and files.” This suggests the malicious actor behind the attack has used the double extortion ransomware tactic, whereby cybercriminals exfiltrate a victim’s sensitive data in addition to encrypting it.
The Nuremberg-based company, which claims to power 35% of the wind turbines installed globally each year, declined to say who was behind the attack, nor whether it received a ransom demand. However, Bleeping Computer reports that Semikron was the victim of the LV ransomware, with the hackers apparently stealing 2 terabytes of documents.
LV ransomware has been in operation since at least 2020 and uses a modified variant of REvil ransomware, according to cybersecurity company Secureworks. According to the group’s dark web blog, which doesn’t yet list Semikron as a victim, the gang targets companies that allegedly do not meet data protection obligations.
“They rejected to fix their mistakes, they rejected to protect this data in the case when they could and had to protect it,” its dark web blog states. “These companies preferred to sell their private information, their employees’ and customers’ personal data.”
It’s unclear what data was exfiltrated from Semikron’s systems, and the company declined to say how many customers and employees are potentially impacted. Semikron has more than 3,000 employees in 24 offices and eight production sites worldwide across Germany, Brazil, China, France, India, Italy, Slovakia and the United States.
Disrupt 2026: The tech ecosystem, all in one room
Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $400.
Save up to $300 or 30% to TechCrunch Founder Summit
1,000+ founders and investors come together at TechCrunch Founder Summit 2026 for a full day focused on growth, execution, and real-world scaling. Learn from founders and investors who have shaped the industry. Connect with peers navigating similar growth stages. Walk away with tactics you can apply immediately
Offer ends March 13.
“With the support of external cyber security and forensic experts, we are investigating the incident,” Semikron added. “At the same time, we are working to restore the ability to work in order to minimize the disruption to our employees, customers and partners and to ensure the security of our IT systems as best as possible.”
A ransomware attack on a debt collection firm is one of 2022’s biggest health data breaches
