Lacroix Closes Production Sites Following Ransomware Attack

Technological equipment giant Lacroix Group says it has closed three production sites for the week after experiencing a ransomware attack.

Lacroix is an international designer and producer of embedded and industrial internet of things (IIoT) systems, including automotive and aerospace equipment, water and energy infrastructure equipment, and smart road infrastructure solutions.

According to the company, on the night of May 12, it detected a targeted cyberattack that hit its French (Beaupréau), German (Willich) and Tunisian (Zriba) sites that produce electronics systems.

The company shut down computer systems at these sites and launched an investigation to determine if the attack was fully contained and if any data was exfiltrated.

Before the attack was intercepted, however, file-encrypting ransomware was deployed and some of the local infrastructures were encrypted.

“The time needed to carry out these actions and to use the backups to restart should take a few days, which is why the three sites are closed for the week,” Lacroix says.

At the moment, the company aims to resume production at the three sites on May 22, and says that partial activity measures have been implemented, along with recovery plans for each site.

The cyberattack, Lacroix says, is not expected to have a significant impact on the group’s performance for this year, because the three sites accounted for 19% of sales last year and because the French and German sites would have been closed on Thursday and Friday, in celebration of Ascension Day, which is a public holiday in both countries.

Related: New Babuk-Based Ransomware Targeting Organizations in US, Korea

Related: Capita Says Ransomware Attack Will Cost It Up to $25 Million

Related: Ransomware Group Claims Attack on Constellation Software