Nordex Hit by Conti Ransomware
The Wind Turbine Developer Had to Shut Down Its IT Systems in Order to Prevent the Spread of the Attack.
Nordex SE is a European company that develops, sells, and produces wind turbines.
The enterprise is one of the largest developers and manufacturers of wind turbines globally, with more than 8,500 employees worldwide.
The company’s headquarters are in the German city of Rostock, while its management is based in the city of Hamburg.
Nordex disclosed the fact that they had been the victim of a cyberattack that was discovered early and also that the business had shut down its IT systems to prevent the assault from spreading.
On 31 March 2022 Nordex Group IT security detected that the company is subject to a cyber security incident. The intrusion was noted in an early stage and response measures initiated immediately in line with crisis management protocols. As a precautionary measure, the company decided to shut down IT systems across multiple locations and business units.
The incident response team of internal and external security experts has been set up immediately in order to contain the issue and prevent further propagation and to assess the extent of potential exposure.
Customers, employees, and other stakeholders may be affected by the shutdown of several IT systems. The Nordex Group will provide further updates when more information is available.
Who Was Behind the Attack?
Nordex recently issued an amended statement in which they said that they have also stopped remote access to controlled turbines in order to protect the assets of its clients.
The Nordex Group detected a cyber security incident on 31 March 2022, and in response initiated security protocols, immediately shutting down various IT systems
across different business units.
To safeguard customer assets, remote access from Nordex Group IT infrastructure was disabled for turbines under contract. Nordex turbines continued operating without restrictions and wind farm communication with grid operators and energy traders was and remains unaffected. As part of immediately initiated business continuity measures, alternative remote control services have been set-up and are now successfully implemented for most of the fleet. In close cooperation with relevant authorities, the emergency response team of internal and external IT experts has been performing extensive investigations and forensic analysis. Preliminary results of the analysis suggest that the impact of the incident has been limited to internal IT infrastructure. There is no indication that the incident spread to any third-party assets or otherwise beyond Nordex’ internal IT infrastructure. While investigations are ongoing, the company is continuing to restore its IT systems such as to enable business continuity and resume normal operations as soon as reasonably practicable.
The Nordex Group will provide further updates when more information is available.
The Conti ransomware organization claimed responsibility for the Nordex assault but has not started releasing data. This could be implying that the organization is negotiating with the threat actors or that no data was taken during the assault.
How Can Heimdal™ Help?
Prevention is the most effective cybersecurity technique because it protects your important assets from being compromised in the first place. In order to avoid data loss and exfiltration, your firm needs effective cybersecurity solutions such as Heimdal Ransomware Encryption Protection, which prevents ransomware encryption attempts and so protects you against data loss and exfiltration.