Huge manufacturing company Aebi Schmidt struck by ransomware

SC Magazine, TechCrunch, April 24, 2019, with comments by Saurabh Sharma, Virsec’s vice president;

A few weeks ago, news surfaced that a ransomware virus was wreaking havoc on European companies, particularly industrial and manufacturing companies, across several countries in Europe. The malware was LockerGoga and it’s still active. (See our recent blog LockerGoga Ransomware Slams Industrial Firms in Europe, Could Hit Anyone)

Security researchers expected others would be hit by that same malware and now, another European company with a US presence – Aebi Schmidt - has also been hit by a ransomware attack. Aebi Schmidt, a Swiss company that manufactures airport maintenance and road cleaning vehicles, was affected severely enough by the malware that their operations were interrupted this week, bringing systems down across their international network, including US subsidiaries. Some areas were impacted so strongly they became inaccessible, including the company’s email system.

Aebi Schmidt confirms some details of malware impact

Though the company hasn’t made a public announcement, a spokesperson confirmed the attack caused a systems outage and disruptions in their email system: “I can confirm that the availability of other systems was or may still be limited, our specialists are still working on resolving the issue, the cause is not yet clear.” He also said the company’s SAP business and sales systems are working and production is “up and running,” but the Windows network is “affected by a virus” and other systems were shutdown as a precaution.

The company’s Windows environment was hit with the malware, causing the company to shut down part of its network. They also had to send part of its staff home, some even forced to take unpaid leave.
Their situation is similar to the other companies who’ve also been hit, including The Weather Channel, who had to go off the air for an hour, and Norsk Hydro, who shut down a significant portion of their operation. Norsk has estimated the cost of their damages to be $40 million. Another company that was struck in the US, Arizona Beverages, also had to shut down for a week, even though the FBI had warned them a week prior that they were infected by a strain of malware that was dormant.

Goal of attacks and type of malware not yet confirmed

The goal of the attackers seems to be mixed in nature, both to collect ransom but also to create as much destruction and chaos as possible.

”It could be a nation-state, competitor, or someone trying to manipulate the stock price for financial gain. With ransomware attacks targeting manufacturing and critical infrastructure, the goal is more likely to cause disruption than to actually extract ransom payments. The political and financial damages from these attacks can be far greater,” said Saurabh Sharma, Virsec’s vice president.

It’s not yet clear if the malware that damaged Aebi Schmidt is the same LockerGoga malware identified a few weeks ago. But the symptoms are very similar. The already huge manufacturing giant had recently grown through its acquisition of M-B Companies – maker of snow removal and cleaning machines – along with prior acquisitions of Meyer Products and Swenson Products, makers of winter maintenance equipment. These acquisitions expanded the US presence of this international manufacturing giant.

Other industrial and manufacturing companies remain on high alert as more details on these attacks emerge.

Read full Aebi Schmidt latest manufacturer dealing with cyberattack article

Read full Manufacturing giant Aebi Schmidt hit by ransomware article

For more information about how Virsec protects against ransomware and memory-based attacks, visit our Memory Protection product page or download our paper "Deterministic Protection Against Memory-Based Cyber Attacks."