Automation tools manufacturer Pilz has been hit by a cyberattack that took down almost its entire infrastructure.
Pilz is a major automation technology supplier based in Ostfildern, Germany. It offers machine and process automation and safety products, consultancy, engineering and training, and has branches all around the globe.
The company was hit on October 13, with all of its server-based workplaces, including the international communication network, affected.
The cyberattack appears to have affected all of the company’s offices, which span over 70 countries all around the globe. Although production wasn’t impacted, the company was not able to take orders or process deliveries.
“For reasons of precaution, we have disconnected all computer systems from the internet. We will inform you about the current situation,” the company announced on Twitter last week.
Within days after the initial compromise, Pilz was able to start taking orders again, but announced that it was still unable to provide delivery dates automatically.
Initially, the company was only able to resume taking orders via telephone and a single email address, but it then managed to restore its email ordering system at subsidiaries worldwide.
The company was able to restore delivery capabilities this week, but only for some areas, meaning that its systems continue to be affected. In fact, it appears that even its website is only working partially.
“For certain areas we have been able to restore the delivery power. In addition, all planned training sessions at our Pilz Academy in Ostfildern will take place as planned,” the automation provider said in a tweet earlier today.
Pilz announced that it launched an investigation and that its team of specialists was working closely with external forensic experts and the Baden-Württemberg State Criminal Police Office.
On its website, the company only revealed that it was the victim of a targeted cyberattack, without providing additional information on the nature of the incident.
According to ZDNet, the manufacturer’s network was disrupted by a piece of ransomware. The malware involved appears to have been BitPaymer, which was previously associated with TA505, the threat actor behind the infamous Dridex and Locky malware families.