Incidents

Major manufacturing company completely shut down its operations for weeks due to ransomware attack

Information security specialists reported a serious ransomware infection at automation company Pilz, based in Germany. For more than a week, the company’s operations have been disrupted due to infection with the dangerous encryption malware variant known as BitPaymer.

On its website, the company released a statement that says: “Pilz has been the victim of a cyberattack specifically targeting our systems; it has crippled operations in all our computer and server-based jobs, including the company’s communication networks.” For now, the company is working at a forced pace to meet its pre-established commitments, in addition to restoring all affected operations.

This Monday, October 21, marked one week since the infection was detected. Although the company has already managed to restore some of its functions (scheduled deliveries, among others), many of the systems remain paralyzed. “We have integrated an information security team to resolve some technical issues, identify the source of the attack, among other activities,” as one of the latest updates on the incident mentions.

According to company officials, the full re-establishment of Pilz’s operations is expected to take a few more days.

Speaking to the specialized platform ZDNet, information security expert Maarten van Dantzig mentioned that this attack is typical of the hacker group known as BitPaymer. The expert claims that he discovered some samples of the malware used by this group on the VirusTotal platform, including the ransom note used during this incident, with custom details related to the German company.

Although the amount of ransom demanded from Pilz is unknown, Van Dantzig adds that operators of this ransomware variant have come to demand ransoms of up to $1 million USD in cryptocurrency. Finally, the expert adds that, usually, the BitPaymer ransomware is delivered to victims using the Trojan known as Dridex.

Specialists from the International Institute of Cyber Security (IICS) add that this Trojan is delivered to unsuspecting Windows users via an attached document sent by email. When the document is opened, Dridex is downloaded, opening the door to other threats, as in the case of the affected company.
