The manufacturer of automation tools, Pilz, suffered a cyber attack that took down almost all its infrastructure.
Pilz is a leading provider of automation technology in Ostfildern, Germany. This offers computer and process control and security services, consultancy, research and education and has industries around the world.
The business was struck by all its server-based workplaces, including the international communication network, on 13 October.
The cyber attack seems to have hit all the offices of the organization, affecting more than 70 countries worldwide. Although production was not affected, the company could not take orders or process deliveries.
“For precautionary reasons, all computer systems have been disconnected from the Internet. We will inform you the current state of affairs, “the company announced last week on Twitter.
In the days following the initial settlement, Pilz was able to start ordering again, but revealed that it was still unable to automatically have delivery dates.
At first the company could only continue ordering by phone and a single e-mail address, but then managed to restore the email order system to subsidiaries throughout the world.
This week, the company was able to regain distribution capacities, but only in some areas, so its systems remain affected. In fact, even your website only partially works.
“We have been able to restore transmission capacity for certain areas. In addition, all the expected training courses will take place as scheduled at our Pilz Academy in Ostfildern, “the automation provider said earlier today.
Pilz confirmed it had launched an investigation, and its team of experts worked in close collaboration with independent forensic experts and the Criminal Police Office of Baden-Wuerttemberg.
The company only revealed on its website that it had been the victim of a targeted cyber attack without giving further information on the nature of the incident.
S piece of ransomware disrupted the manufacturer’s network. It seems that the malware involved was BitPaymer, previously associated with TA505, the actor at risk for the notorious families of malware Dridex and Locky.