Summary: A new ransomware strain dubbed “PowerLock” has infected 12,000 public EV chargers across Germany and France. The malware doesn’t steal data but physically locks the charging cables into the vehicles, holding the cars hostage until a ransom is paid via QR code.
Business Impact: This moves cyber threats into the physical domain (“Cyber-Kinetic”). For logistics fleets relying on electric vans, this could cause massive delivery disruptions. It also raises liability questions for CPOs (Charge Point Operators).
Why It Happened: The chargers were running outdated embedded Linux kernels and shared a common default root password for maintenance access, which attackers brute-forced en masse.
Recommended Executive Action: If your company operates an EV fleet, ensure drivers have the manual emergency release protocols for your specific vehicle models. Review the security clauses in your SLA with charging infrastructure providers.
Hashtags: #IoT #Ransomware #EV #CyberKinetic #InfrastructureSecurity #PowerLock