Connect with us

Hi, what are you looking for?



Control Systems Firm PSI Struggles to Recover From Ransomware Attack

German control system solutions provider PSI Software says it is still recovering from a ransomware attack.

German control systems provider PSI Software this week announced that its systems are still down following a ransomware attack earlier this month.

The incident was initially disclosed on February 15, when the company announced that it proactively disconnected its systems from the internet, to prevent data exfiltration.

On Monday, the company updated its initial notification to reveal that ransomware was involved in the cyberattack and that it has yet to restore its internal IT infrastructure.

“As a result, all external connections and systems were successively shut down still in the night. We also shut down PSI’s mail system in the night, so that no mails have been sent from PSI systems since then,” the company said.

PSI also noted that it is still investigating the attack vector and that it has found no evidence that PSI systems at customer sites have been affected.

“According to current knowledge, there was no access to remote connections for the maintenance of customer systems,” the company said.

According to PSI, its security team is still working on containing the incident and restoring the affected systems. The responsible authorities have been notified of the attack, the company also said.

Headquartered in Berlin, PSI Software provides control systems to major European energy suppliers. Its solutions cover control, monitoring, and optimization for electricity, gas, oil, heat, and water, including leak detection and location, network utilization, operational management, and pipeline management.

Advertisement. Scroll to continue reading.

SecurityWeek has not observed any ransomware gang taking responsibility for the attack.

Related: Cactus Ransomware Group Confirms Hacking Schneider Electric

Related: Ransomware Group Takes Credit for LoanDepot, Prudential Financial Attacks

Related: Ransomware Attack Knocks 100 Romanian Hospitals Offline

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Cody Barrow has been appointed the new CEO of threat intelligence company EclecticIQ.

Shay Mowlem has been named CMO of runtime and application security company Contrast Security.

Attack detection firm Vectra AI has appointed Jeff Reed to the newly created role of Chief Product Officer.

More People On The Move

Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. 


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.


Alphv/BlackCat ransomware group files SEC complaint against MeridianLink over its failure to disclose an alleged data breach caused by the hackers.


Johnson Controls has confirmed being hit by a disruptive cyberattack, with a ransomware group claiming to have stolen 27Tb of information from the company.