Pilz Hit by BitPaymer Ransomware

Delaware, USA – October 23, 2019 – German automation technology company fell victim to a massive ransomware attack; computer systems in all locations of Pilz across the globe were affected. The attack occurred on Sunday, October 13, and the company will recover for a long time from its devastating consequences. Almost a week was needed to restore email services, the website is only partially operational and only a couple of days ago the company restored access to the product orders and delivery system. Intelligence analyst Maarten van Dantzig tied the attack on Pilz to BitPaymer ransomware, which is distributed by the Dridex Trojan and is a creation of the same group of cybercriminals. The researcher found a version of BitPaymer on Virus Total that contained instructions addressed to Pilz employees in ransom notes. This ransomware strain appeared in 2017 and is used by cybercriminals only against large organizations pre-infected with Dridex malware.

The same weekend, cybercriminals attacked France’s largest privately-owned multimedia group – M6, but the cybersecurity staff of TV channel stopped the infection before ransomware penetrated most systems in the network. Despite the operational actions of the security team, email servers and phone lines were unavailable for several days, but TV and radio channels did not stop broadcasting. You can detect the Dridex Trojan using the community rule available on Threat Detection Marketplace: https://tdm.socprime.com/tdm/info/GN1qQlT3qRCj/