Conti Ransomware Group Adds Nordex to List of Victims

Wind turbine giant Nordex was forced to shut down IT systems and remote access as the Conti ransomware group launched a cyberattack on their system.

The company announced on April 2 that it had suffered a cyberattack. However, it was detected early and Nordex was able to prevent the spread of the attack.

In the press statement of Nordex, it disclosed that the attack was detected in an early stage and a response measure was initiated immediately. The company shut down its IT systems across multiple locations and business units as a precautionary measure.

However, Nordex would not disclose the identity of the perpetrators. BleepingComputer reported that as early as March 31st, they were told that the wind turbine company suffered a Conti ransomware attack which caused the entire platform to go offline.

This time, the Conti ransomware group finally claimed responsibility for the cyberattack.

Conti Ransomware Group Adds Nordex to List of Victims
Nordex-online/ screen grabbed from Nordex Website

Conti Ransomware Group Affirms Suspicions, Claims Responsibility for Nordex Cyberattack

The Conti ransomware group, an elite ransomware operation operated by a Russian hacking group known for other notorious malware infections, affirmed responsibility on Nordex cyberattack.

Despite the claims, Conti ransomware is not yet leaking any data from Nordex which may indicate that the company is currently in negotiation with the hackers or there was no data stolen during the cyberattack.

Conti is a ransomware that has been observed since 2020 that affects all versions of Microsoft Windows.

The Conti ransomware group commonly uses a phishing attack. They do it by gaining access to a corporate network after a device becomes infected with the BazarLoader or TrickBot malware infections.

These hackers steal files and upload them back to their servers while spreading through a network. The stolen data are then used as part of double-extortion attacks to pressure victims into paying a ransom.

The ransomware group announced its support of Russia during the 2022 Russian invasion of Ukraine. They threatened to deploy "retaliatory measures" if cyberattacks were launched against Russia.

As a result, an anonymous person who indicated their support for Ukraine leaked approximately 60,000 messages from internal chat logs along with source code and other files used by the group.

The U.S. government has already issued an advisory on Conti ransomware attacks.

Nordex Launches Investigation on Cyberattack

In a statement released by Nordex, they shared that the emergency response team of internal and external IT experts has been performing extensive investigations and forensic analysis to know the extent of the cyberattack.

Based on their initial investigation, the attack was restricted to their internal system and was not able to spread to customer assets.

In a report of BleepingComputer, Nordex said: "Preliminary results of the analysis suggest that the impact of the incident has been limited to internal IT infrastructure. There is no indication that the incident spread to any third-party assets or otherwise beyond Nordex' internal IT infrastructure."

They further explained that they had disabled the remote access to managed turbines to safeguard customers' assets.

Nordex is a European company that designs, sells, and manufactures wind turbines. With over 8, 500 employees worldwide, it is one of the largest developers and manufacturers of wind turbines globally.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.

More from iTechPost

Real Time Analytics