PROBABLYPWNED
Malware | July 1, 2026 | 4 min read

Blackfield Ransomware Demands $2M From Electronics Giant Nidec

The Blackfield ransomware gang claims a breach at Nidec Corporation, demanding $2 million to prevent data leakage. This marks Nidec's second ransomware incident in two years.

James Rivera

The Blackfield ransomware gang posted Nidec Corporation to its leak site on June 29, claiming responsibility for a breach at the Japanese electronics manufacturing giant and demanding $2 million to suppress data publication.

Nidec confirmed ransomware-related damage at its subsidiary Nidec Chaun Choung Technology on June 22, 2026. The company operates in over 40 countries with $17.2 billion in annual revenue and 100,000 employees—making it a high-value target for extortion groups.

The Ransom Structure

Blackfield's demands follow the typical double-extortion playbook but with an unusual pricing menu. Beyond the $2 million base ransom, the group offers:

  • $5,000 to extend the publication deadline by one day
  • $400,000 for immediate data purchase by any interested buyer

The graduated pricing suggests Blackfield expects extended negotiations and is positioning itself to monetize the data regardless of whether Nidec pays. Offering third-party sales creates additional pressure on victims who might otherwise wait out the extortion attempt.

The gang gave Nidec more than 15 days to respond, threatening to publish or sell the stolen data otherwise. As of publication, Nidec has not publicly commented on whether it intends to negotiate.

Nidec's Ransomware History

This isn't Nidec's first encounter with ransomware. In October 2024, the company disclosed a breach at its Vietnam-based Nidec Precision division, where attackers exfiltrated over 50,000 sensitive files. That incident saw both 8Base and Everest ransomware gangs claim responsibility and attempt separate extortion—a relatively rare case of competing attribution.

The recurrence suggests either persistent vulnerabilities in Nidec's subsidiary security posture or deliberate re-targeting by threat actors who know the company's defenses. Manufacturing supply chain targets often share security weaknesses across geographically distributed operations, making one successful breach a roadmap for subsequent attacks.

Why Manufacturing Targets Matter

Nidec manufactures electric motors and electronic components for automotive (including Tesla) and computing applications. Supply chain disruption at a company of this scale ripples through multiple industries.

Ransomware groups have increasingly focused on manufacturing after discovering that operational disruption creates stronger payment incentives than data theft alone. Production downtime costs money immediately and visibly, while data exposure often feels abstract until it happens.

For Nidec specifically, leaked data could include:

  • Customer contracts and pricing (Tesla, Apple, other major buyers)
  • Product specifications and engineering documents
  • Supplier relationships and procurement data
  • Employee records across 40+ countries

Any of these categories could create competitive damage beyond the immediate extortion scenario.

About Blackfield

Blackfield emerged in early 2026 as a mid-tier ransomware operation. The group's tactics and infrastructure suggest operators with previous experience in other gangs, though definitive attribution remains unclear.

Unlike larger operations such as LockBit or Qilin, Blackfield appears to focus on a smaller number of carefully selected targets rather than volume-based campaigns. The $2 million demand against Nidec aligns with that strategy—sized to the victim's ability to pay rather than a fixed rate card.

The gang operates a standard dark web leak site where it publishes victim names, countdowns, and sample data. File listings suggest they exfiltrated a substantial volume from Nidec, though the full scope won't be clear unless negotiations fail and publication begins.

Implications for Electronics Supply Chain

Major electronics buyers are reportedly monitoring the situation. If Nidec's manufacturing operations face extended disruption, component shortages could affect automotive and computing production schedules.

The broader pattern is troubling: we've covered multiple manufacturing supply chain attacks in recent weeks, including incidents at Apple and Tesla suppliers. Threat actors appear to be systematically targeting the electronics manufacturing ecosystem, likely recognizing that component dependencies create payment pressure that single-company attacks cannot.

What We're Watching

Whether Nidec pays or negotiates remains to be seen. The company's experience with the 2024 Nidec Precision incident may inform its response—having previously refused payment, it may take a similar stance here.

For the industry, Blackfield's creative pricing structure deserves attention. If third-party data sales become normalized alongside direct ransoms, victims lose the ability to contain damage even by paying. The model effectively creates a secondary market for stolen corporate data that operates independently of the extortion negotiation.

We'll update this story as Nidec's response becomes clear.
