Automation tools manufacturer Pilz has been hit by a cyberattack that took down almost its entire infrastructure.
Pilz is a major automation technology supplier based in Ostfildern, Germany. It offers machine and process automation and safety products, consultancy, engineering and training, and has branches all around the globe.
The company was hit on October 13, with all of its server-based workplaces, including the international communication network, affected.
The cyberattack appears to have affected all of the company’s offices, which span over 70 countries all around the globe. Although production wasn’t impacted, the company was not able to take orders or process deliveries.
“For reasons of precaution, we have disconnected all computer systems from the internet. We will inform you about the current situation,” the company announced on Twitter last week.
Within days after the initial compromise, Pilz was able to start taking orders again, but announced that it was still unable to provide delivery dates automatically.
Initially, the company was only able to resume taking orders via telephone and a single email address, but it then managed to restore its email ordering system at subsidiaries worldwide.
The company was able to restore delivery capabilities this week, but only for some areas, meaning that its systems continue to be affected. In fact, it appears that even its website is only working partially.
“For certain areas we have been able to restore the delivery power. In addition, all planned training sessions at our Pilz Academy in Ostfildern will take place as planned,” the automation provider said in a tweet earlier today.
Pilz announced that it launched an investigation and that its team of specialists was working closely with external forensic experts and the Baden-Württemberg State Criminal Police Office.
On its website, the company only revealed that it was the victim of a targeted cyberattack, without providing additional information on the nature of the incident.
According to ZDNet, the manufacturer’s network was disrupted by a piece of ransomware. The malware involved appears to have been BitPaymer, which was previously associated with TA505, the threat actor behind the infamous Dridex and Locky malware families.
Related: Georgia County’s Experience Shows Perils of Ransomware
Related: Aluminum Giant Norsk Hydro Hit by Ransomware
Related: Pitney Bowes Says Disruptions Caused by Ryuk Ransomware
More from Ionut Arghire
- Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
- Atlassian Warns of Critical Jira Service Management Vulnerability
- Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication
- Google Shells Out $600,000 for OSS-Fuzz Project Integrations
- F5 BIG-IP Vulnerability Can Lead to DoS, Code Execution
- Flaw in Cisco Industrial Appliances Allows Malicious Code to Persist Across Reboots
- HeadCrab Botnet Ensnares 1,200 Redis Servers for Cryptomining
- Malicious NPM, PyPI Packages Stealing User Information
Latest News
- Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
- Cyber Insights 2023: Venture Capital
- Atlassian Warns of Critical Jira Service Management Vulnerability
- High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation
- Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication
- China Says It’s Looking Into Report of Spy Balloon Over US
- GoAnywhere MFT Users Warned of Zero-Day Exploit
- Google Shells Out $600,000 for OSS-Fuzz Project Integrations
