Pierluigi Paganini December 03, 2024

ENGlobal Corporation disclosed a ransomware attack, discovered on November 25, disrupting operations, in a filing to the SEC.

A ransomware attack disrupted the operations of a major energy industry contractor, ENGlobal Corporation.

Founded in 1985, ENGlobal Corporation designs automated control systems for commercial and government sectors, reporting $6 million in Q3 revenue and $18.4 million year-to-date.

According to the FORM 8-K report filed with the U.S. Securities and Exchange Commission (SEC), the company discovered the attack on November 25. The threat actors had access to the company’s information technology systems and encrypted some of its data files. The investigation into the security breach is still ongoing and the company is remediating the incident with the help of external cybersecurity specialists.

“On November 25, 2024, ENGlobal Corporation (the “Company”) became aware of a cybersecurity incident.  The preliminary investigation has revealed that a threat actor illegally accessed the Company’s information technology (“IT”) system and encrypted some of its data files.” reads the report filed with SEC. “Upon detecting the unauthorized access, the Company immediately took steps to contain, assess and remediate the cybersecurity incident, including beginning an internal investigation, engaging external cybersecurity specialists, and restricting access to its IT system.”

“As a result of these and other measures, and while the investigation and remediation efforts remain ongoing, access to the Company’s IT system is limited to essential business operations.” ù

At this time, the company is not able to provide the timing of the restoration of full access to its IT systems.

ENGlobal Corporation is assessing whether the cybersecurity incident will significantly affect its financial condition or operations.

No ransomware gang has claimed responsibility for the attack. 

At the end of October, another energy industry contractor, Newpark Resources, reported a ransomware attack that disrupted operations and limited access to internal information systems.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)