The Conti ransomware gang has claimed responsibility for a cyberattack that forced wind turbine giant Nordex to shut down internal systems on March 31.
The incident, the company revealed in early April, was identified at an early stage, but resulted in multiple systems across Nordex’s branches being taken offline.
Earlier this week, the wind turbine maker said it was still working on restoring IT systems to return operations to normal, but did not provide an estimation as to when that might happen.
However, the company also said that the incident only impacted its internal systems and that wind turbine farms continued operating normally. Communication with customers wasn’t affected either, the company said.
While Nordex did not say what type of cyberattack it suffered, the fact that it shut down numerous systems suggested right from the start that ransomware might have been involved.
This supposition was apparently confirmed this week, when the Conti cybergang, which is known for many high-profile ransomware attacks, claimed responsibility for the incident.
Conti “announced” the Nordex hack on their leaks site on the Tor network, but did not say whether any data was stolen during the intrusion.
The entry on Conti’s site is dated April 11, but it appears that it was made public on April 14. SecurityWeek checked the site on Wednesday, when Nordex published a security incident update, and found no mention of the attack on the wind turbine giant.
The US government issued a warning on Conti ransomware attacks in early March, roughly two weeks after the cybercrime ring announced support for the Russian invasion of Ukraine. The group also had to deal with several source code and internal chat leaks in retaliation to its pro-Russian position.
Ionut Arghire is an international correspondent for SecurityWeek. Previous Columns by Ionut Arghire:Tags: