Production halted at Sierra Wireless factories following ransomware attack
Canadian multinational Sierra Wireless has halted production at its manufacturing sites across the world after a ransomware attack has crippled its IT systems.
The attack hit the company over the weekend, on Saturday, March 20, 2021, it said in SEC documents filed earlier today.
The ransomware encrypted Sierra's internal IT network, preventing staff from accessing internal documents and systems related to manufacturing and planning, which resulted in the company shutting down its manufacturing sites, most of which rely on up-to-date access to customer orders and product specifications.
Sierra Wireless is one of today's wireless equipment manufacturers. Its products are sold directly to OEMs (official equipment manufacturers) and are embedded in billions of Internet of Things (IoT) devices, cars, smartphones, and industrial equipment. A basic Shodan search for the Sierra Wireless favicon found in some of the company's products that come with an administrative panel reveals more than 103,000 devices installed across the globe, but the number is barely scratching the surface in regards to the company's product reach.
Sierra Wireless operates across the Americas, Asia, and Europe.
The company's website was also impacted by the attack and is currently showing an ""under maintenance"" message.
""At this time, Sierra Wireless believes the impact of the attack was limited to Sierra Wireless systems, as the company maintains a clear separation between its internal IT systems and customer facing products and services,"" a Sierra Wireless spokesperson said.
The company did not say when production systems will come back online.
It is unclear if the attackers managed to steal sensitive information from the company's network, as most ransomware gangs tend to do these days. It is also unclear if the company paid the attackers to decrypt their files and recover their networks or if Sierra Wireless is restoring from backups.
Reached out for comment, Sierra Wireless told The Record they don't plan to discuss incident details as its protocols for dealing with a ransomware attack are ""highly sensitive and confidential.""
The company also withdrew its First Quarter 2021 investors guidance it provided on February 23, 2021, suggesting the ransomware incident is expected to impact Q1 results.
Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.