Pierluigi Paganini February 15, 2024

On February 12, 2023, a cyber attack halted operations at five production plants of German battery manufacturer Varta.

On February 13, German battery manufacturer Varta announced that a cyber attack forced the company to shut down IT systems. The attack disrupted operations at five production plants and the administration.

VARTA AG is a leading global manufacturer of batteries with over 4,500 employees worldwide, reporting revenue of €1.2 billion in 2023.

The announcement revealed that the company has temporarily shut down its systems to contain the threat, a circumstance that suggests it was the victim of a ransomware attack.

The company launched an investigation into the incident, with the help of forensics experts, to determine its scope.

“Last night, February 12th 2024, the VARTA Group was the target of a cyber attack on parts of its IT systems. This affects the five production plants and the administration. The IT systems and thus also production were proactively shut down temporarily for security reasons and disconnected from the internet. The IT systems and the extent of the impact are currently being reviewed. The utmost care is being taken to ensure data integrity. The extent of the actual damage cannot be determined at this time. In accordance with the emergency plan for such situations, the necessary precautionary measures were implemented immediately.” reads the statement published by the company. “Additionally, a task force was set up instantly to restore normal operations as quickly as possible and deal with the incident with the support of cyber security experts and data forensics specialists.”

Impacted production plants are in Germany, Romania and Indonesia, on February 14 the operations at the plants were still blocked.

“The battery manufacturer’s production continues to stand still after a hacker attack. A spokesman for the company from Ellwangen in Baden-Württemberg told the German Press Agency on Wednesday afternoon upon request. The five production sites, three of them in Germany and one each in Romania and Indonesia, are affected. Likewise the administration.” reported the German website Finanzen.

At this time, no known ransomware group has claimed responsibility for the attack.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Varta)