Nordex, a European wind turbine giant, recently suffered a ransomware attack claimed by the notorious Conti gang. The attack caused the firm to shut down its IT systems and remote access to its managed wind turbines.
The attack took place on April 2, 2022. The wind turbine manufacturer immediately detected the malicious activity on its servers and was forced to take down its systems to prevent the attack from intensifying.
According to a Nordex press statement, the firm noticed the network intrusion attempt at an early stage and responded instantly with management protocols to mitigate the situation. All IT systems across many of its locations and business units were taken offline.
Security researchers probing the issue tried to contact the firm but did not receive any statement.
Although it did not respond to the security researchers, Nordex released a statement explaining that it had shut down remote access to the managed wind turbines to secure its clients’ assets.
The firm’s investigation revealed that the attack had not affected customers’ assets and was restricted to its internal systems. Nordex has also teamed up with relevant security agencies, alongside its emergency response team and external IT experts, to conduct in-depth investigations and forensic analyses.
Furthermore, the wind turbine firm clarified that there was no sign that the ransomware attack had spread to any of their third-party assets or any part beyond their internal IT infrastructure.
A few days after the attack against Nordex was detected, the Conti ransomware gang claimed to be behind it. Security experts have found no data breach connected to the incident, hence their conclusion that either the firm has been communicating with the threat actors or no sensitive data that could be compromised was stolen in the attack.
The Conti threat group has been notorious in the cybercrime scene for many years, following its attacks against many organisations worldwide. It is also well known for using dangerous malware variants such as Ryuk, BazarLoader, and TrickBot.