The Blackfield ransomware group has claimed responsibility for an attack on Nidec Chaun Choung Technology, a Taiwanese subsidiary of the Japanese motor giant, demanding $2 million to delete exfiltrated data. The incident, confirmed by Nidec Corporation on June 22, 2026, introduces a novel twist in cybercrime: a flexible pricing structure that includes paid daily deadline extensions and a discounted immediate-download option. The case illustrates how the ransomware ecosystem has evolved sophisticated commercial logic calibrated to maximize yield and lower victim resistance.
- Blackfield claimed the attack on Nidec Chaun Choung Technology with a $2 million ransom demand for deletion of exfiltrated data.
- The group structured a "price menu" featuring daily deadline extensions at $5,000 per day and an immediate data download option for $400,000.
- Nidec confirmed the attack on June 22, 2026, isolated affected systems, but has not verified actual exfiltration of personal or confidential data online.
- This is the second ransomware attack in under two years against a Nidec subsidiary, following a 2024 incident at the Vietnamese division Nidec Precision.
How the Installment Extortion Works: Blackfield's Pricing Structure
The stakes extend beyond the ransom amount to how it has been calibrated. Blackfield granted Nidec more than 15 days to respond and negotiate, according to BleepingComputer. This window exceeds the typical ransomware deadline of 72–96 hours designed to accelerate psychological pressure.
The real innovation lies in the multi-tier pricing. Alongside the $2 million deletion fee, Blackfield offers a one-day deadline extension for $5,000. This option transforms the extortion from a binary event into an ongoing commercial relationship, where each day of delay carries a predictable, relatively low cost compared to the total demand.
The immediate data download option for $400,000 completes the picture. Priced at 20% of the primary demand, it can be read as an "entry-level" offer for third-party buyers interested in industrial data, or as an escape hatch for Nidec if negotiations stall. The source does not specify whether this option includes exclusivity or if the data remains available for parallel sale.
What Nidec Confirmed and What Remains Speculative
Nidec Corporation issued an official statement in the week prior to the news breaking, confirming the attack on its Taiwanese subsidiary. The company stated that on June 22, 2026, "damage derived from ransomware" was confirmed on part of Nidec Chaun Choung Technology's servers. The immediate response was system isolation: "emergency measures, including shutting down the affected server and network, were taken."
The same statement, reported by BleepingComputer, contains cautious language on the data itself: "possibility of information leak, although no personal or confidential information has been confirmed to have been leaked online." This phrasing leaves open the possibility of an intrusion with system access but without verified exfiltration, or an acquisition of data not yet classified as "personal" or "confidential" under strict Japanese compliance definitions.
Blackfield posted data samples on its .onion leak site, showing file structures and various documents. BleepingComputer explicitly stated it could not confirm the validity of these samples. The exact volume of exfiltrated data, the precise nature of the documents, the initial access vector, and the current negotiation status remain undocumented by the source.
Industrial Context: Why Nidec Is a High-Value Target
Nidec Corporation is one of the world's leading suppliers of precision electric motors, with revenue of approximately $17.2 billion, roughly 100,000 employees, and operations in over 40 countries. Its product range spans motors for automotive, consumer electronics, robotics, elevators, and HVAC systems. This position in the global supply chain makes every subsidiary a potentially critical node for disrupting OEM customers' production.
Nidec Chaun Choung Technology, based in Taiwan, operates in electronic components and cooling systems for industrial applications. Its geographic location fits a recurring pattern: Japanese corporations with East Asian subsidiaries that attract ransomware attention due to the combination of high-value technology assets and potentially heterogeneous security postures between headquarters and regional affiliates.
The dossier does not document confirmed impacts on production, shipments, or business operations at the Taiwanese subsidiary. It also does not indicate whether other Nidec Group subsidiaries were involved in the incident.
A Precedent That Carries Weight: The Second Attack in Two Years Against the Group
The context makes the incident particularly relevant for its recurrence. In October 2024, the Vietnamese division Nidec Precision suffered a ransomware attack claimed simultaneously by the 8Base and Everest groups, with over 50,000 files exposed. This precedent raises questions about the group's security perimeter resilience and the potential sharing of IT infrastructure across subsidiaries that expands the attack surface.
The repeat targeting suggests ransomware groups track and archive victims with operational details, and that a global corporation's supply chain offers multiple serializable entry points over time. The source provides no elements to technically link the two attacks or verify whether they were conducted with common tools or infrastructure.
"On Monday, June 22, 2026, ransomware-originated damage was confirmed in part of Nidec Chaun Choung Technology's server"
— Nidec Corporation, official statement reported by BleepingComputer
Why This Matters
The brief does not document specific remedial measures adopted by Nidec beyond system isolation. The dossier does not specify the nature of the data exposed in the published samples, nor whether the attack involved system encryption beyond exfiltration. No information emerges on Blackfield's operational history or its distinguishing technical characteristics compared to other ransomware operators.
The Blackfield-Nidec case reveals a transformation in the cybercrime business model: ransomware no longer simply encrypts and demands, but structures commercial offers with options, extendable deadlines, and differentiated pricing. This level of economic sophistication reflects an ecosystem maturity that traditional defenses, focused on technical containment, may not adequately counter unless integrated with reputational risk assessment and extortion response plans that include the negotiation dimension.
For corporations with global supply chains, the incident signals that the security of a foreign subsidiary is no longer a secondary perimeter: it is the preferred entry point for attacks striking the group's industrial core. The source does not specify whether Nidec has initiated security audits on its other Asian subsidiaries following the incident.
Information is based on the cited source and current as of publication.
Sources
- https://www.bleepingcomputer.com/news/security/blackfield-ransomware-asks-nidec-corporation-for-2-million-ransom/
- https://www.hendryadrian.com/blackfield-ransomware-asks-nidec-corporation-for-2-million-ransom/
- https://www.dexpose.io/blackfield-ransomware-strikes-nidec-chaun-choung-technology-corporation/
- https://www.ransomware.live/group/Blackfield
- https://nvd.nist.gov/vuln/detail/CVE-2026-41940
- https://nvd.nist.gov/vuln
- https://nvd.nist.gov/vuln/search
- https://nvd.nist.gov/vuln/categories
- https://nvd.nist.gov/vuln/data-feeds
- https://nvd.nist.gov/vuln/vendor-comments