Vestas Wind Systems, a global leader in wind turbines, faced a cyber attack on Friday, November 19, forcing the company to shut down IT systems across multiple business units. The company’s preliminary investigations have revealed that the incident has affected certain areas of its IT infrastructure. Vestas added that certain information “has been compromised.”
The exact nature and impact of the cyberattack are unclear at this time. Vestas has said that the investigation is ongoing and that it will keep stakeholders informed about developments. So far, the company does not believe the incident has impacted its customers and other third parties.
Read on for more information on the cyberattack, as well as the growing threat faced by organizations in critical sectors.
Impact on Vestas’ Operations
Vestas is a Danish company with a significant global presence: It has 25,000 people on its payroll and operates turbine manufacturing plants in 16 countries.
This cyberattack comes at an already tumultuous time for the wind giant. It currently faces many challenges due to supply chain issues, as well as rising commodity prices.
The company said that it shut down certain IT systems as a precautionary measure. Some of its factories were forced to slow down production.
While the company has played down the impact of the cyberattack on third-party operations, it is likely that the disruption and subsequent delays affected key stakeholders, like employees and customers.
Vestas also confirmed that the attack compromised its IT infrastructure and certain information. The company has not provided information on whether it faced a ransomware attack.
Growing Cyber Attacks on Critical Infrastructure
Wind turbines represent a key piece in the global transition to renewable energy. The cyberattack on Vestas signals a growing trend where hackers target critical infrastructure. Even state-backed hackers focus on organizations in critical sectors. These are usually ripe targets for ransomware or simply for carrying out cyber espionage.
In 2021, many US critical sectors have witnessed a large number of cyberattacks from high-profile ransomware groups. Incidents such as the colonial pipeline hack forced US federal agencies to step up their protection and prevention efforts. Last month, several American federal agencies worked together to take down the REvil ransomware gang.
Previously, the US government has offered lucrative bounties (some even as high as $10 million) for information on ransomware gangs.
If you want to learn more about ransomware, take a look at our detailed article here.