Image: Nordex

The Conti ransomware operation has claimed responsibility for a cyber attack on wind turbine giant Nordex, which earlier this month was forced to shut down IT systems and remote access to the managed turbines.

Nordex is one of the largest developers and manufacturers of wind turbines worldwide, with more than 8,500 employees worldwide.

On April 2, Nordex announced that it had had an early-detected cyber attack and that the company had shut down its IT systems to prevent the attack from spreading.

“The break-in was detected early and immediate action was taken in accordance with crisis management protocols. As a precautionary measure, the company decided to shut down IT systems across multiple sites and business units,” Nordex’s original press statement said.

However, BleepingComputer was informed on March 31 that the company was dealing with a Conti ransomware attack that took the entire platform offline. Our source went on to say that Nordex did not know where the attack came from and began their investigation.

Multiple emails sent by BleepingComputer to Nordex to confirm whether they have suffered a ransomware attack have gone unanswered.

Yesterday, Nordex released an updated statement explaining that they had also disabled remote access to managed turbines to protect customer assets.

They further state that their investigation shows that the attack was limited to their own internal systems and did not spread to customer assets.

“In close cooperation with the relevant authorities, the emergency response team of internal and external IT experts conducted extensive investigations and forensic analysis,” reads Nordex’s update on the cyber attack.

“Preliminary results of the analysis suggest that the impact of the incident was limited to internal IT infrastructure. There is no indication that the incident has spread to third-party assets or otherwise outside Nordex’s internal IT infrastructure”

Danish wind turbine producer Vestas suffered a ransomware attack last November by the LockBit ransomware operation.

Conti ransomware claims attack on Nordex

Today, the Conti ransomware operation claimed they were behind the attack on Nordex.

However, the ransomware gang has yet to start leaking data, indicating that the company may be in negotiations with the threat actors or that no data was stolen during the attack.

Conti ransomware claims attack on Nordex

Conti is an elite ransomware operation run by a Russian hacking group known for other notorious malware infections, including Ryuk, TrickBot, and BazarLoader.

Conti usually gains access to a corporate network after a device is infected with the BazarLoader or TrickBot malware infections through a phishing attack.

As they spread over a network, the threat actors steal files and upload them back to their servers.

This data is then used as part of duplicate extortion attacks to pressure victims into paying ransoms.

The Conti gang recently suffered its own data breach after a Ukrainian researcher published nearly 170,000 internal chat conversations between the Conti ransomware gang members and the Conti ransomware source code.

Due to the ongoing activity of the cybercrime gang, the US government has issued an advisory on Conti ransomware attacks.

This post Wind turbine company Nordex hit by Conti ransomware attack

was original published at “https://www.bleepingcomputer.com/news/security/wind-turbine-firm-nordex-hit-by-conti-ransomware-attack/”