The company announced the incident on its website: "Since Sunday, October 13, all servers and PC workstations have been affected."
Pilz has factories in 76 countries. According to the company, all of them were affected by the attack and were disconnected from the main network, so they could not process orders or look up anything related to their customers.
It took three days to regain access to the email service and three more to restore operations at the factories in all countries. Worse still, access to the order and product delivery system was only restored yesterday.
Pilz said that the production process itself was not affected by the ransomware, but because orders could not be managed, the business could not operate normally.
Maarten van Dantzig, a FoxIT analyst, discovered that the ransomware that infected the German company's systems was BitPaymer, which has targeted a large number of companies.
The analyst found and examined a BitPaymer sample on VirusTotal whose ransom note contained data referring to Pilz.
BitPaymer ransomware first appeared in the summer of 2017 and has been used in many attacks, including against hospitals in Scotland, two Alaska municipalities (Matanuska-Susitna and Valdez), and Arizona Beverages.
The operators of BitPaymer consistently choose 'high value' targets in order to extort large sums of money.
Until now, BitPaymer has only been distributed through the Dridex botnet. In 2018, ESET reported that the creators of Dridex also developed the ransomware.
According to many experts, the operators behind Dridex first compromise a network with the Dridex trojan and then deploy BitPaymer across large corporate systems.
Van Dantzig said that this ransomware has been highly profitable for the attackers, who have demanded more than 1 million dollars to decrypt victims' files.
The botnet-ransomware combination is very common nowadays: the Emotet and TrickBot botnets have likewise been paired with Ryuk ransomware.
Unlike other ransomware families, which are seen in attacks daily, BitPaymer is used only occasionally. This is because its operators carefully select specific targets rather than attacking any company; the targets are high-profile companies.
Van Dantzig added that when restoring the network of a company infected with BitPaymer, system administrators must also remove the Dridex trojan; otherwise the systems will simply be reinfected.