- Home » News » World News
Pilz is recovering from a ‘major’ ransomware attack
The German machine safety and automation specialist Pilz is recovering from the effects of a “major” ransomware cyber-attack which affected much of its IT infrastructure around the world in the middle of October.
In a statement issued at the SPS exhibition in Nuremberg last week, the family-owned business said that it has overcome the attack, and re-established production and customer service, adding that it is “emerging from the attack stronger”.
On 13 October, systems monitoring Pilz's Web servers recorded suspicious activity, which was identified as a cyber-attack. The company removed all of its computer systems from the network and blocked access to its corporate network to prevent a potential proliferation of the attack, both within the company and externally.
However, the perpetrators had already used a trojan to attack Pilz’s global server and to encrypt some of the data on it. Within a few hours of the attack, Pilz had notified the German authorities and lodged a complaint. A team of in-house analysts worked on the incident in cooperation with external forensics experts and the State Criminal Police Office in Baden-Württemberg.
According to reports in the computer media, Pilz was hit by a strain of ransomware known as BitPaymer, which has been responsible for several high-profile attacks since 2017, with targets including Scottish hospitals, the PGA, Arizona Beverages and a French TV station.
“With regard to the attack, we are in the best of hands with the investigating authorities,” says managing partner, Thomas Pilz. “However, we are not allowed to say very much about the incident itself, so as not to jeopardise the ongoing investigations.
“However, we can say this much: no customer or supplier data has been stolen and no viral proliferation of the attack has been identified. That’s good news!”
In the first few days after the attack, the company established communications using whiteboards and secure messaging services. It formed working groups and established priorities.
As the attack was being countered, forensic experts checked which areas of the network had been affected and started to clean the data. In its statement, Pilz says that it is getting its IT infrastructure back into operation “step by step”. However, it adds, it will be some time before the usual level of full IT services is available to all of its staff.
“The number one priority is to support and supply our customers to the usual level of quality”, explains managing partner, Susanne Kunschert. Production at the company’s European sites is now said to be running at the same level as it was before the attack. Production and logistics have been working additional shifts to guarantee deliveries. Customer support personnel have been in contact with customers around the world.
The company, which employs around 2,400 people, also believes that the current situation provides opportunities to strengthen itself – and not only with regard to its IT.
“The last few weeks have shown the technology may fail, but the solidarity and engagement of the people and their willingness to resolve problems together have carried us through,” it says. “We are positive as we look to the future.”
“The current wave of attacks against us and many other companies clearly demonstrates that cyber-crime is increasingly becoming a serious threat to peace and prosperity in our country,” says Kunschert. “We must all make a great effort to ensure that this type of organised criminality is given greater attention and that companies, associations, authorities and politicians work more closely together in future to ensure that other companies and institutions are spared what we went through!”
Pilz says it will use its cyber-attack experience to expand its expertise in the field of safety and security and to share this with its customers.
