Ransomware Attacks Disrupt Production at Two Manufacturing Sites in Italy

Ransomware Attacks Disrupt Production at Two Manufacturing Sites in Italy
Written by Apr 7, 2021 | CYBERSCOOP

A ransomware incident earlier this year temporarily shut down production for two days at a pair of manufacturing facilities in Italy, incident responders at security firm Kaspersky said Wednesday.

Kaspersky did not publicly identify the victim organization. But Vyacheslav Kopeytsev, a researcher with the firm’s ICS-CERT unit, said in an email that the victim was a multinational firm headquartered in Germany that has factories in Italy. “The servers with the databases required for production were encrypted,” he added.

The hackers disguised a nascent strain of ransomware called Cring as the victim organization’s anti-virus product before encrypting the computer servers that would cause the organization the greatest damage, Kopeytsev and his colleagues said in a report. The attackers catered their hacking tools to the victim’s infrastructure, the researchers said.

It is only the latest example of how ransomware incidents are increasingly affecting the operations of industrial suppliers. Of 500 manufacturing sector employees in the U.S., Germany and Japan surveyed by security firm Trend Micro, 61% said they had experienced cybersecurity incidents, with many of those cases causing system outages.

Kaspersky ICS-CERT said the disruption at the Italian factories was one of multiple hacking incidents involving Cring ransomware and aimed at European industrial firms in the first quarter of 2021. Details on other victims were not immediately available. Swisscom, a big Swiss telecoms firm, alluded to the ransomware infections in a tweet in January.

The incident comes as t ..