German wind farm operator confirms cybersecurity incident
German wind farm operator Deutsche Windtechnik confirmed that it was hit with a cyberattack earlier this month, becoming the latest in a string of German energy providers to face disruptions from a cybersecurity incident.
In a statement, the company said its IT systems were targeted by a cyberattack on the night between April 11 and 12.
“As we previously reported, we were able to reactivate the remote data monitoring connections to the wind turbines after 1-2 days, which had been switched off for security reasons,” the company explained.
“We are very happy that the wind turbines that we look after did not suffer any damage and were never in danger. Deutsche Windtechnik's operational maintenance activities for our clients resumed again on April 14 and are running with only minor restrictions.”
The company’s IT team was able to isolate the problems and the company noted that its forensic analysis showed it was a “targeted professional cyberattack.”
It is still working to restore the availability of all communication channels and noted that the incident was reported to the German Federal Office for Information Security (BSI).
The company did not respond to questions about whether it was hit with a ransomware attack, but it showed up on the leak site of the Black Basta ransomware gang according to MalwareHunterTeam, an account on Twitter tracking ransomware groups.
Not seen it mentioned by anyone yet, so: Deutsche Windtechnik is also on Black Basta ransomware gang's leak site. Leak is at 100% published stage already.— MalwareHunterTeam (@malwrhunterteam) April 26, 2022
Actually, not really got surprised to see this company on their leak site... pic.twitter.com/eH6keCpSWb
There have been several attacks on German energy providers this year. German wind turbine maker Nordex was forced to shut down its IT systems across multiple locations and business units after it was hit with a cyberattack on March 31.
Wind turbine maker Vestas was hit with a ransomware attack in November, and the group behind the attack eventually threatened to leak the data it stole. Like Nordex, the company had to shut down its IT systems across multiple business units and locations to stop the issue from spreading.
Oil companies Oiltanking and Mabanaft, both owned by German logistics conglomerate Marquard & Bahls Group, suffered a cyberattack that crippled their loading and unloading systems in February.
An internal report from the BSI said the BlackCat ransomware group was behind the cyberattack on the oil companies.
Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.