Another European manufacturer crippled by ransomware

Aebi Schmidt, a Switzerland-based manufacturer and provider of municipal and agriculture machinery, has apparently been hit by ransomware.

Aebi Schmidt ransomware attack

What happened?

“Due to an IT system failure, the Aebi Schmidt Group can temporarily neither receive nor send emails,” the company announced on Thursday. “The IT system failure is due to an attempt by third parties to infiltrate malware into our systems. More and more companies worldwide are being affected by such attacks.”

At the moment, only their Windows and Microsoft-based systems are affected, and had to be temporarily switched off. They are now being rebooted step by step but, the company notes, the process is time-consuming and means that they will not be able to receive or send any emails until further notice.

Not affected by the IT system failure:

  • The operative systems required for production and order processing (including SAP),
  • The infrastructure and data of the US-based M-B Companies (acquired by Aebi Schmidt in 2018)
  • Aebi Schmidt’s telematics platform (used to track vehicle fleets).

According to TechCrunch, much of the damage was concentrated in the company’s European base. Also, it seems that systems necessary for manufacturing operations might have been affected, as they were inaccessible following the attack.

It is still unknown which ransomware is the culprit for the system failure. Customers with urgent requests have been advised to get in touch with the company by phone until the email system is back up and running.

Comments from the infosec industry

“Aebi Schmidt’s security lapse demonstrates the fact that most companies today are not prepared for a ransomware attack – let alone disaster recovery after the fact,” says Anurag Kahol, CTO and founder, Bitglass.

“For organizations like Aebi Schmidt, manufacturing is the foundation of their business models; unfortunately, this ransomware variant left the company’s manufacturing operations incapacitated following the attack. Aebi Schmidt boasted over 413 million Euros in sales last year, according to its 2018 Annual Report. Unfortunately, this single incident could significantly hinder the organization’s overall sales momentum in 2019.”

Jonathan Bensen, CISO and senior director of product management at Balbix, notes that, as a B2B supplier, this event can further hinder the level of trust that current and potential partners and customers have in the company, and that they attack could not have come at a worse time since Aebi Schmidt recently expanded its presence in the US.

“Ransomware infections are common, they typically get in through the oldest trick in the book, phishing. Flip a coin – that’s basically the odds of any organization being targeted,” notes Terry Ray, SVP and Imperva Fellow.

“If you want to avoid being in the next headline, it will pay to be prepared now as to minimize operational downtime and decrease the expense associated with an attack, which could ultimately span to millions of dollars.”

Also, there is no guarantee that if the targeted organization pays the ransom its data will be recovered.

“The best way to prevent an attack is to immediately detect ransomware data access behaviors before the ransomware spreads across the network and encrypts critical data stores. Once detected, you can quarantine impacted users, devices and systems. Having a strategy that takes into account what happens when a cyber-attack occurs, whether it’s ransomware or another method, is essential to resiliency,” he concluded.

Norwegian aluminum producer Norsk Hydro was recently hit by the LockerGoga ransomware. The attack ended up disrupting some of its operations and costing the company a pretty penny (and likely even more than that).

Don't miss