2 min

Tags in this article

, , ,

The company was the victim of an LV Ransomware attack and claims to have its data stolen.

German power electronics manufacturer Semikron has disclosed that it was hit by a ransomware attack that partially encrypted the company’s network, according to a report in BleepingComputer.

Semikron has over 3,000 employees in 24 offices and 8 production sites worldwide across Germany, Brazil, China, France, India, Italy, Slovakia, and the USA, with a turnover of around $461 million in 2020.

The Nuremberg-based group claims to be one of the world’s leading power engineering component manufacturers, with 35 percent of the wind turbines installed each year operating with its technologies.

“The SEMIKRON Group has been the victim of a cyberattack by a professional hacker group. As part of this attack, the perpetrators have claimed to have stolen data from our system,” the company revealed in a German statement published Monday. “The attack has also led to partial encryption of our IT systems and files. The entire network is currently being studied and adjusted forensic.”

Similar to REvil ransomware attacks

According to an alert issued by the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik) and seen by BleepingComputer, the ransomware operators are blackmailing the company and threatening to leak allegedly stolen data.

While the company didn’t share any information about the ransomware used in the incident, BleepingComputer reviewed a ransom note deployed on one of the encrypted Semikron systems. The note indicates it was an LV Ransomware attack and says the attackers stole 2 terabytes worth of documents. LV Ransomware uses code that’s similar to the REvil ransomware which struck many businesses across the globe.

Investigating the attackers’ claims

Semikron is investigating attackers’ claims that they stole data from the encrypted systems before encryption with the help of external cybersecurity and forensic experts.

The company added that it also informed and collaborates with relevant authorities throughout the investigation and would alert customers and partners if any evidence of data theft is found.

“At the same time, we are working on restoring the working ability to minimize disruptions for our employees, customers and contractual partners and to ensure the best possible security of our IT systems”, Semikron added.

A Semikron spokesperson was not immediately available for comment when contacted by BleepingComputer on Tuesday.