Cyber Incident Victim: Whirlpool Corporation

Date: Dec 2020

Location: United States of America

Summary

Whirlpool Corporation suffered a ransomware attack by the Nefilim group, involving data theft prior to encryption. Stolen information included employee records such as benefits, medical requests, and background checks, later published by the attackers. The company detected and contained the malware promptly, restoring systems without operational disruption or consumer data exposure. However, internal employee-related documents were compromised in the incident.

Description

In early December 2020, the Nefilim ransomware gang executed an attack against Whirlpool Corporation, one of the world's largest home appliance manufacturers with brands including KitchenAid, Maytag, and Indesit. The threat actors exfiltrated sensitive corporate data before encrypting devices, following the double-extortion tactic common among ransomware groups. A cybersecurity industry source indicated the attack occurred during the first weekend of December. Approximately three weeks later, Nefilim publicly leaked stolen Whirlpool documents through its data leak site. The published data included internal records related to employee benefits, accommodation requests, medical information, background checks, and other human resources-related materials. Whirlpool, which operates 59 manufacturing and technology centers globally with 77,000 employees and $20 billion in annual revenue, confirmed the incident after the data leak became public.

Whirlpool Corporation detected the ransomware intrusion and contained the malware rapidly, according to its statement to BleepingComputer. The company emphasized that data privacy remained a top priority and confirmed full restoration of systems by December 28, correcting initial reports about gradual recovery. Whirlpool stated that no evidence indicated consumer information exposure or ongoing operational impacts from the attack. Nefilim, while not among the most active ransomware operations at the time, had previously targeted major organizations including telecommunications firm Orange S.A., facility management company Dussmann Group, eyewear manufacturer Luxottica, and logistics provider Toll Group. The gang’s modus operandi involved stealing sensitive data prior to encryption and threatening its release to pressure victims into paying ransoms.
