Blackfield Ransomware Demands $2 Million from Nidec Corporation
The Blackfield ransomware group is extorting Nidec Corporation for $2 million following a breach that impacted its Taiwanese subsidiary.
The Blackfield ransomware gang has targeted Nidec Corporation, a major Japanese manufacturer of electronic components, demanding a $2 million ransom. The attackers claim to have exfiltrated sensitive data and are threatening to publish or sell it if their demands are not met within 15 days.
Nidec, a global leader in electric motor manufacturing with annual revenues of $17.2 billion and operations in over 40 countries, confirmed that its Taiwanese subsidiary, Nidec Chaun Choung Technology, was compromised on June 22, 2026. The company stated that ransomware-originated damage was discovered on a portion of the subsidiary's servers, prompting emergency measures including server and network shutdowns to prevent further spread.
While Nidec disclosed a "possibility of information leak," the company has not yet confirmed if any personal or confidential information has been compromised or leaked online. An internal investigation is underway to assess the impact on production, shipping, and other business operations. Nidec has indicated that it does not expect the incident to affect other Nidec Corporation or Nidec Group companies.
The Blackfield threat actor has posted details of the breach on its extortion portal, offering to extend the deadline for negotiations by one day for $5,000. Additionally, the group is offering immediate access to the allegedly stolen data for a price of $400,000. To substantiate their claims, the attackers have leaked samples of data, including file structures and various documents, though BleepingComputer has not yet verified their authenticity.
This incident marks a significant escalation for Nidec, which suffered another data breach in October 2024. In that prior attack, ransomware actors, identified as both the 8Base and Everest gangs, targeted Nidec's Vietnam-based Nidec Precision division, exposing over 50,000 sensitive files. The two groups attempted to extort Nidec separately.
The Blackfield ransomware group has been active since at least late 2023, known for its double-extortion tactics. While specific technical details of this latest intrusion into Nidec's systems have not been disclosed, ransomware attacks typically involve gaining initial access through compromised credentials, exploiting vulnerabilities, or using social engineering tactics before deploying encryption and exfiltrating data.
Nidec's extensive global footprint and critical role in supplying components for automotive, computing, and industrial applications make it a high-value target. The company's previous experience with ransomware underscores the persistent threat landscape faced by large multinational corporations.
The ongoing investigation will determine the full extent of the breach and the potential impact on Nidec's operations and stakeholders. The company's response and any potential negotiations with the Blackfield group will be closely watched.