German firm Pilz still down a week after getting infected with ransomware

German company Pilz, one of the world’s biggest producers of automation tools is still down after getting infected by ransomware more than a week ago.

German firm Pilz was still down after getting infected by the BitPaymer ransomware more than a week ago, on October 13, 2019.

“Since Sunday, October 13, 2019, all servers and PC workstations, including the company’s communication, have been affected worldwide,” reads the security advisory published by Pilz.

“As a precaution, the company has removed all computer systems from the network and blocked access to the corporate network.”

The German company reported the incident to the public prosecutor’s office and the Federal Office for Security in Information Technology notified. Pilz has also set up a crisis team to manage the incident response activities and recover from the disruptions in the shortest time.

The firm hired external forensics experts to help its staff in investigating the incident in cooperation with the State Criminal Police Office Baden-Württemberg.

The company has isolated all computer systems from the network and blocked any access to the internal network in an attempt to contain the threat.

The incident impacted locations across 76 countries that were not able to fill orders, the email service went down for at least three days, while product orders and delivery system were not accessible for more than a week.

Production capabilities weren’t affected, but impacted systems caused important delays in serving the orders.

According to ZDNet, the company was infected by a piece of the BitPaymer ransomware. Maarten van Dantzig, a lead intelligence analyst at FoxIT, told ZDNet to have analyzed a sample of BitPaymer uploaded on VirusTotal that contained a ransom note customized for Pilz.

BitPaymer has been active since 2017, it was recently involved in the attack on the largest France private multimedia group, the M6 Group.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – ransomware, Pilz)

[adrotate banner=”5″]

[adrotate banner=”13″]