Automation giant Pilz halts operations for a week after ransomware infection
Pilz, the German automation company, is still struggling to recover more than a week after it was infected with the BitPaymer ransomware strain.
A notice on the company’s website reveals that Pilz is suffering from a “targeted cyberattack” that has crippled “all server and computer based workplaces including communication network.”
With its entire computer system offline and its website working sporadically, Pilz is barely fulfilling orders with clients and is struggling to respond to inquiries.
On October 21, seven full days after incurring the ransomware contagion, Pilz was able to restore delivery capability but only for a scant number of areas.
“The company has implemented a crisis management group to resolve the technical problems as quickly as possible and to identify the origin of the attack. However, the technical problems might last for the next couple of days,” according to the notice.
ZDNet spoke with intelligence analyst Maarten van Dantzig and learned that Pilz fell victim to a typical attack by the BitPaymer gang. Specifically, he found BitPaymer samples uploaded on VirusTotal containing a ransom note with Pilz-related contact details, customized for the company’s network, Catalin Cimpanu reports.
Van Dantzig said the gang behind BitPaymer has been tied to ransomware demands up to $1 million. He also cautioned that BitPaymer typically arrives by means of the Dridex Trojan.
Dridex targets unsuspecting Windows victims with a seemingly innocent email attachment that can be opened in Word or Excel. Once opened (and if the user allows macros to run) the document downloads Dridex from the attacker’s command and control center, compromising the system and opening the victim up to additional infections, like ransomware. As such, BitPaymer victims must make sure they’ve completely cleansed all infected hosts – i.e. remove Dridex from the system – before taking them back online.
Pilz was founded in 1948 as a glass-blowing business. Its initial products were glass devices for medical technology and mercury relays for industrial applications. Today, the company supplies electronic control & monitoring devices, programmable logic controllers. Other products and services include sensor technology, bus and industrial wireless systems, risk assessments and training courses on machinery safety.
Ransomware typically inflicts massive financial losses on its victims, regardless of the strain. It’s hard to estimate the financial damage Pilz is set to incur from this week-long downtime. However, considering its product line and business model, the losses could be massive.
*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Filip Truta. Read the original post at: https://hotforsecurity.bitdefender.com/blog/automation-giant-pilz-halts-operations-for-a-week-after-ransomware-infection-21671.html