German firm Pilz still down a week after getting infected with ransomware

German company Pilz, one of the world’s biggest producers of automation tools is still down after getting infected by ransomware more than a week ago.

German firm Pilz was still down after getting infected by the BitPaymer ransomware more than a week ago, on October 13, 2019.

“Since Sunday, October 13, 2019, all servers and PC workstations, including the company’s communication, have been affected worldwide,” reads the security advisory published by Pilz.

“As a precaution, the company has removed all computer systems from the network and blocked access to the corporate network.”

The German company reported the incident to the public prosecutor’s office and the Federal Office for Security in Information Technology notified. Pilz has also set up a crisis team to manage the incident response activities and recover from the disruptions in the shortest time.

The firm hired external forensics experts to help its staff in investigating the incident in cooperation with the State Criminal Police Office Baden-Württemberg.

The company has isolated all computer systems from the network and blocked any access to the internal network in an attempt to contain the threat.

The incident impacted locations across 76 countries that were not able to fill orders, the email service went down for at least three days, while product orders and delivery system were not accessible for more than a week.

Production capabilities weren’t affected, but impacted systems caused important delays in serving the orders.

According to ZDNet, the company was infected by a piece of the BitPaymer ransomware. Maarten van Dantzig, a lead intelligence analyst at FoxIT, told ZDNet to have analyzed a sample of BitPaymer uploaded on VirusTotal that contained a ransom note customized for Pilz.

BitPaymer has been active since 2017, it was recently involved in the attack on the largest France private multimedia group, the M6 Group.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – ransomware, Pilz)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.