Connect with us

Hi, what are you looking for?



Lacroix Closes Production Sites Following Ransomware Attack

Technological equipment supplier Lacroix has closed three production sites after experiencing a ransomware attack.

Lacroix industrial facilities shut down due to ransomware

Technological equipment giant Lacroix Group says it has closed three production sites for the week after experiencing a ransomware attack.

Lacroix is an international designer and producer of embedded and industrial internet of things (IIoT) systems, including automotive and aerospace equipment, water and energy infrastructure equipment, and smart road infrastructure solutions.

According to the company, on the night of May 12, it detected a targeted cyberattack that hit its French (Beaupréau), German (Willich) and Tunisian (Zriba) sites that produce electronics systems.

The company shut down computer systems at these sites and launched an investigation to determine if the attack was fully contained and if any data was exfiltrated.

Before the attack was intercepted, however, file-encrypting ransomware was deployed and some of the local infrastructures were encrypted.

“The time needed to carry out these actions and to use the backups to restart should take a few days, which is why the three sites are closed for the week,” Lacroix says.

At the moment, the company aims to resume production at the three sites on May 22, and says that partial activity measures have been implemented, along with recovery plans for each site.

Advertisement. Scroll to continue reading.

The cyberattack, Lacroix says, is not expected to have a significant impact on the group’s performance for this year, because the three sites accounted for 19% of sales last year and because the French and German sites would have been closed on Thursday and Friday, in celebration of Ascension Day, which is a public holiday in both countries.

Related: New Babuk-Based Ransomware Targeting Organizations in US, Korea

Related: Capita Says Ransomware Attack Will Cost It Up to $25 Million

Related: Ransomware Group Claims Attack on Constellation Software

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...


The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.


The City of Oakland has disclosed a ransomware attack that impacted several non-emergency systems.