UK Leasing

Vestas confirms IT is operational after ransomware attack • The Register

Wind turbine maker Vestas said “nearly all” of its computer systems were finally operational 10 days after a security attack by criminals, confirming that it had indeed been the victim of ransomware.

The alarm bells rang penultimate weekend when the Danish organization said it had identified a “cybersecurity incident” and closed parts of its technology park to “contain the problem”.

Today, the company – one of the largest in the world to design, build, install and maintain wind turbines – said it had undertaken “extensive investigations, forensic analyzes, restoration and strengthening activities. our IT systems and IT infrastructure “.

Henrik Andersen, President and CEO of the Cabinet, said in a press release:

“We have been through some difficult days since discovering the cyber incident, and therefore the general management and the board of directors are very happy that the incident did not have an impact on the operation of the wind turbines and that almost all our computer systems are working again. “

The manufacturing, construction and services team has not been affected, Vestas said.

“We still have a lot of work to do and we must remain extremely diligent in dealing with cyber threats. I would already like to take this opportunity to thank our customers, employees and external partners for their understanding and extraordinary support in these difficult circumstances. . “

The full investigation into the incident is continuing, Vestas said, and there is still no evidence that the break-in affected the customer or supply chain operations, “which is supported by the medical investigation. – legally conducted with the help of third-party experts, ”he mentioned.

The security incident bore all the hallmarks of a ransomware attack, but Vestas declined to comment last week. Today he confirmed this The register had suspected before.

“The cyber incident, which our investigations found to be ransomware, impacted Vestas internal systems and resulted in data compromise. The extent of the data compromise is still under investigation, but for now it appears that the data primarily relates to internal matters. “

We asked the company if they paid the ransom, but a spokesperson said, “Due to the situation, this is not something we will comment on.” He also declined “at this point” to go into details on how the digital break-in occurred.

According to a Coveware study published in January, the average downtime caused by ransomware is 16.2 days and Bitcoin is the most favored cryptocurrency by criminal gangs. The company also discovered that the ransomware is more lucrative than cocaine trafficking, that the average payout is just under $ 140,000 per attack, and that the most common strains are Conti V2, Mespinoza, and Sodinokibi. ®