German wind farm operator confirms cybersecurity incident

German wind farm operator Deutsche Windtechnik confirmed that it was hit with a cyberattack earlier this month, becoming the latest in a string of German energy providers to face disruptions from a cybersecurity incident.

In a statement, the company said its IT systems were targeted by a cyberattack on the night between April 11 and 12. 

“As we previously reported, we were able to reactivate the remote data monitoring connections to the wind turbines after 1-2 days, which had been switched off for security reasons,” the company explained.  

“We are very happy that the wind turbines that we look after did not suffer any damage and were never in danger. Deutsche Windtechnik's operational maintenance activities for our clients resumed again on April 14 and are running with only minor restrictions.”

The company’s IT team was able to isolate the problems and the company noted that its forensic analysis showed it was a “targeted professional cyberattack.”

It is still working to restore the availability of all communication channels and noted that the incident was reported to the German Federal Office for Information Security (BSI).

The company did not respond to questions about whether it was hit with a ransomware attack, but it showed up on the leak site of the Black Basta ransomware gang according to MalwareHunterTeam, an account on Twitter tracking ransomware groups.

There have been several attacks on German energy providers this year. German wind turbine maker Nordex was forced to shut down its IT systems across multiple locations and business units after it was hit with a cyberattack on March 31.

The attack on Nordex followed an incident where a cyberattack on satellite communications company Viasat caused the malfunction of 5,800 Enercon wind turbines in Germany.

Wind turbine maker Vestas was hit with a ransomware attack in November, and the group behind the attack eventually threatened to leak the data it stole. Like Nordex, the company had to shut down its IT systems across multiple business units and locations to stop the issue from spreading.

Oil companies Oiltanking and Mabanaft, both owned by German logistics conglomerate Marquard & Bahls Group, suffered a cyberattack that crippled their loading and unloading systems in February.

An internal report from the BSI said the BlackCat ransomware group was behind the cyberattack on the oil companies. 

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.