BitPaymer attack blocked industrial giant Pilz

Pilz, one of the largest manufacturers of industrial automation products, was forced to shut down most of its systems. BitPaymer ransomware attack blocked Pilz.

“The problems started on October 13th. Although the production lines themselves were not affected, work processes were disrupted due to failures in the order service systems. It took employees three days to restore email. Access to product delivery systems appeared only on October 21”, – reports Pilz.

Experts linked the incident with the BitPaymer cryptographer, who was marked by attacks on the district administration in Alaska, the company Arizona Beverages, the French television channel M6. Earlier this month, researchers reported that the malware penetrates corporate infrastructure through 0-day in the Bonjour utility for iTunes.

As FoxIT lead analyst Maarten van Dantzig told reporters, after the attack on Pilz on VirusTotal, was discovered the BitPaymer distribution with the same ransom demand that received employees of the industrial giant.

“The current incident fits into the ransomware’s behavior model – its operators prefer hunting for single targets instead of massive campaigns. Attackers demand large sums of money from such victims – up to a million dollars”, – said Maarten van Dantzig.

Analysts believe that the same people who run the Dridex Trojan could create BitPaymer. In recent years, the ransomware has been using the power of this malware to search for victims – criminals deliver Dridex with malicious spam, identify corporate users among the affected targets and deploy extortionate software on their machines.

Such cooperation links other players in the cybercriminal market. For example, Ryuk ransomware is often detected on computers after Emotet and TrickBot attacks.

Read also: Attackers could exploit the vulnerabilities of Alexa and Google Home to phishing and spying on their users

Thus, companies that faced ransomware need carefully check their infrastructure for the presence of other malware. Otherwise, criminals can attack again – according to van Danzig, information security experts have already encountered such cases in the practice.

A recent study has shown that industrial companies are facing increasing pressure from cybercriminals. This is evidenced by the fact that in the first half of this year, the proportion of attacked computers of automated process control systems remained almost unchanged compared to the second half of 2018. At the same time, the number of malicious programs in industrial systems during the reporting period increased by 10%.