German car parts maker Gedia Automotive Group has had to shut down its IT operations following a massive cyber-attack.
The firm, which employs 4,300 people in seven countries, reported the incident on Thursday morning in a press release and said that there was a "serious cyber-attack" on the company's headquarters in Attendorn earlier that week.
When the attack was discovered, the management decided on an "immediate, complete system shutdown". "This measure was taken to prevent a complete failure of the IT infrastructure," said the company. Since then, Gedia has taken down the release.
The system shutdown not only affected its main headquarters but also other locations in Poland, Hungary, Spain, China, India, USA and Mexico.
It added that an emergency plan was in action to ensure “production, material supply and the processing of customer deliveries”. However, large parts of the company are not able to carry out work with almost all employees sent home.
The company has brought in "external security experts" to analyse and repair the damage. According to the company, “it is an attack by suspected cyber-criminals from Eastern Europe”.
While the company works to get systems back online, it said that “from today’s perspective, it will take weeks and months until all functional processes have been completely restored.”
According to reports by Bleeping Computer, the hackers behind Sodinokibi ransomware have threatened to post the data it had stolen from Gedia on the dark web unless it pays a ransom.
"Now for the tasty. gedia.com . They didn’t get in touch. All computers on the network are encrypted," the hackers said on a malware forum. "More than 50 GB of data was stolen, including drawings, data of employees and customers.
Chris Bates, SentinelOne’s VP of security strategy, told SC Media UK that ransomware attacks can be deadly for organisations, which might never recover from the financial burden caused by the direct and indirect damage inflicted.
“When trying to assess the potential risk emanating from ransomware attacks, organisations should factor in all these aspects: the payout, downtime, damage to reputation, data loss and more,” he said.
"Once all these have been taken into consideration, it is advisable to seek a trusted endpoint solution to provide maximum security against ransomware and complement it with proper backup systems and business continuity procedures. It’s also advised to purchase suitable cyber insurance to reduce the risk even further.”
Craig Stirling, head of security operations at converged ICT supplier GCI, told SC Media UK that there are some key steps that an organisation can take to protect against ransomware.
“Segregation of your network is key, as is having an effective data back up strategy where the backup data is totally segregated, for example in the cloud. Other key techniques include effectively educating users on phishing emails, restricting write permissions to file servers, turning off admin rights and having an effective and frequent patching strategy,” he said.