Norwegian recycling giant Tomra has taken some of its systems offline after falling victim to what it describes as “an extensive cyberattack”.
A multinational company, Tomra manufactures waste collection and sorting products, including reverse vending machines and food sorters. The company operates close to 100,000 recycling systems worldwide.
On Monday, Tomra announced that some of its data systems were impacted by a cyberattack that was discovered on July 16, and that it immediately disconnected some systems to contain the incident.
In an update on Tuesday, the company announced that it had disconnected additional systems, and that it would keep all impacted systems offline until the incident is resolved.
“No new hostile activities have been detected,” the company announced.
“Our primary aim is to continue to deliver our services to customers, reducing the impact this attack has on them. The attack currently has limited impact on Tomra’s customer operations. Most of Tomra’s digital services are designed to operate offline for a certain amount of time but may have reduced functionality in the interim,” Tomra said.
The company announced that its internal IT services and some back office applications remain offline, with an impact on its supply chain management. With major office locations offline, employees have been asked to work remotely.
Tomra’s reverse vending machines (RVMs) in Australia and North America remain fully operational, RVMs in Europe and Asia continue to work in offline mode, but some older models are no longer operating.
The company’s recycling and food sorter systems are operating as usual, with some limited functionality due to digital services being offline.
“We continue to work tirelessly to resolve the situation, and remain in dialogue with relevant authorities. We have not received any contact from those who are behind the attack,” the company said.
While Tomra has not shared details on the type of cyberattack it experienced, it is likely that file-encrypting ransomware was involved. Taking systems offline is a typical incident response step in the event of ransomware.