
Workers sent home after ransomware attack on major automotive parts manufacturer

German multinational company Eberspächer Group has sent a part of its factory workforce home on paid leave while its management and IT teams are dealing with a ransomware attack that crippled its IT systems over the weekend.

The Eberspächer Group currently employs more than 10,000 workers, operates production plants in 80 locations across 28 countries, and is known for building air conditioning, heating, and exhaust systems, which it supplies to almost all of today's top car brands.

"Eberspächer Group was the target of an organized cyberattack. The IT infrastructure is affected," the company said in a message posted on its website on Monday [archived].

"To protect our customers, employees and partners, the necessary steps were taken immediately to counter the attack with targeted measures," Eberspächer added.

The company's official websites, email systems, office networks, customer portals, and production systems were taken down in the aftermath of the attack, which was detected on Sunday morning.

Without the ability to coordinate production and manage customer orders, the company has told some of its factory workforces to stay at home on paid leave while it deals with the outage.

"Our employees are at home with a salary and we keep them updated on the situation," Marie Wiström, CEO of Eberspächer's Swedish subsidiary, told SVT, the Swedish national public television broadcaster.

Workers were also told to stay home in Germany, according to German news outlet SR, and in Romania, The Record has learned.

Incident investigated as "computer sabotage and attempted blackmail"

While the company did not go into the finer points of the cyberattack that hit its systems over the weekend, German auto news site Automobilwoche reported that a spokeswoman for the Stuttgart public prosecutor's office said the incident is being investigated as a case of "computer sabotage and attempted blackmail."

A spokesperson for the Eberspächer Group could not be reached via phone or email as these systems are still down at the time of writing.

However, the company announced on Twitter that the Easy Start Web portal, which allows vehicle owners to start Eberspächer heaters remotely, is now back online.

The incident at the Eberspächer Group is very similar to what happened to ASCO, a supplier for airplane makers. In June 2019, the company also had to send most of its employees home, on paid leave, after a similar ransomware attack crippled its factories.


Catalin Cimpanu is a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.