Automation giant Pilz halts operations for a week after ransomware infection

Pilz, the German automation company, is still struggling to recover more than a week after it was infected with the BitPaymer ransomware strain.

A notice on the company’s website reveals that Pilz is suffering from a “targeted cyberattack” that has crippled “all server and computer based workplaces including communication network.”

With its entire computer system offline and its website working sporadically, Pilz is barely fulfilling orders with clients and is struggling to respond to inquiries.

On October 21, seven full days after the ransomware infection, Pilz was able to restore delivery capability, but only for a small number of areas.

“The company has implemented a crisis management group to resolve the technical problems as quickly as possible and to identify the origin of the attack. However, the technical problems might last for the next couple of days,” according to the notice.

ZDNet spoke with intelligence analyst Maarten van Dantzig and learned that Pilz fell victim to a typical attack by the BitPaymer gang. Specifically, he found BitPaymer samples uploaded on VirusTotal containing a ransom note with Pilz-related contact details, customized for the company’s network, Catalin Cimpanu reports.

Van Dantzig said the gang behind BitPaymer has been tied to ransomware demands up to $1 million. He also cautioned that BitPaymer typically arrives by means of the Dridex Trojan.

Dridex targets unsuspecting Windows victims with a seemingly innocent email attachment that can be opened in Word or Excel. Once opened (and if the user allows macros to run) the document downloads Dridex from the attacker’s command and control center, compromising the system and opening the victim up to additional infections, like ransomware. As such, BitPaymer victims must make sure they’ve completely cleansed all infected hosts – i.e. remove Dridex from the system – before taking them back online.
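As an added illustration (not part of the original article), the sketch below shows a mail-gateway style triage check for the delivery route described above: it inspects an attachment's content, not its file name, to decide whether it can carry macros. The function names and the sample files are constructed for this example.

```python
import io
import zipfile

# Magic bytes of the OLE2 compound file used by legacy .doc/.xls documents.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")

def classify_attachment(data: bytes) -> str:
    """Return 'vba-macro', 'legacy-ole', 'no-macro' or 'not-office'."""
    if data.startswith(OLE2_MAGIC):
        # Legacy binary formats may carry macros; confirming needs an OLE parser.
        return "legacy-ole"
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return "not-office"
    with zipfile.ZipFile(buf) as zf:
        names = [n.lower() for n in zf.namelist()]
    if "[content_types].xml" not in names:
        return "not-office"  # a ZIP, but not an OOXML document
    # Macro-enabled OOXML files store their VBA project in vbaProject.bin.
    if any(n.rsplit("/", 1)[-1] == "vbaproject.bin" for n in names):
        return "vba-macro"
    return "no-macro"

def should_quarantine(data: bytes) -> bool:
    """Hold anything that can run macros until an analyst or sandbox clears it."""
    return classify_attachment(data) in {"vba-macro", "legacy-ole"}

def make_ooxml(parts: dict) -> bytes:
    """Build a constructed (not real-world) OOXML-style ZIP in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples: none of these is a real document or malware sample.
SAMPLES = {
    "invoice.docm": make_ooxml({"[Content_Types].xml": "<Types/>",
                                "word/document.xml": "<doc/>",
                                "word/vbaProject.bin": b"\x00"}),
    "report.docx": make_ooxml({"[Content_Types].xml": "<Types/>",
                               "word/document.xml": "<doc/>"}),
    "old.xls": OLE2_MAGIC + b"\x00" * 504,
    "notes.txt": b"plain text",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name}: {classify_attachment(data)} quarantine={should_quarantine(data)}")
```

Because the verdict comes from the file's content, a macro-enabled document renamed to `.docx` is still flagged.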

Pilz was founded in 1948 as a glass-blowing business. Its initial products were glass devices for medical technology and mercury relays for industrial applications. Today, the company supplies electronic control and monitoring devices and programmable logic controllers. Other products and services include sensor technology, bus and industrial wireless systems, risk assessments and training courses on machinery safety.

Ransomware typically inflicts massive financial losses on its victims, regardless of the strain. It’s hard to estimate the financial damage Pilz is set to incur from this week-long downtime. However, considering its product line and business model, the losses could be massive.
