Chemicals

Industry

Hackers Paralyze only Newsprinting Facility in Switzerland

January 7, 2022

The machines at the Perlen paper factory in the Lucerne town of the same name are at a standstill due to a hacker attack. Newsprint and LWC production at Perlen and packaging production in Müllheim, Germany, which has been down since 7 January, restarted 6 days later on January 13. The chemistry division was not affected and was therefore able to continue production normally.

The factory normally outputs 1400 tons of newsprint paper per day. In a statement, the CPH Group said all IT systems were shut down on the 7th out of an abundance of caution and to contain any spread, strongly suggesting but not confirming they were a ransomware victim. They resumed production in January 13, after 6 days of downtime.

read more

Ransom Not Paid by Italian Chemical Producer Dollmar SpA

October 19, 2022

Ragnar Locker, hits the Italian chemical company Dollmar SpA. The hacking group leaked 35GB of data, including samples on the company’s letterhead, to make it clear that the data in its possession is real.

Publication on a data leak site generally occurs when the company has not paid the ransom.
no further updates.

read more

Chemical Distribution Company Brenntag paid $4.4M Ransom to Darkside Gang

April 28, 2021

Chemical distribution company Brenntag paid a $4.4 million ransom in Bitcoin to the DarkSide ransomware gang to receive a decryptor for encrypted files and prevent the threat actors from publicly leaking stolen data.

At the beginning of May 2021, Brenntag suffered a ransomware attack that targeted their North America division. As part of this attack, the threat actors encrypted devices on the network and stole unencrypted files. From the information shared with BleepingComputer by an anonymous source, the DarkSide ransomware group claimed to have stolen 150GB of data during their attack. To prove their claims, the ransomware gang created a private data leak page containing a description of the types of data that were stolen and screenshots of some of the files.

read more

Chemical Maker Hit in Cyber Attack

January 5, 2022

Fort Lauderdale, Florida-based Specialty chemical maker, Element Solutions Inc., suffered a cyber attack, company officials said Monday.
“Element Solutions recently detected a cyber intrusion on certain of the Company’s information technology systems,” the company said in a statement. “Upon detection of the incident, the company promptly took action to contain it and implement business continuity and data recovery protocols.”

read more

Global IT Firm Recovering From Ransomware Attack

December 19, 2021

Global IT services company, Inetum Group, suffered a ransomware attack December 19, impacting operations in France.
While the global company suffered the hit in France, its operations were ongoing in other parts of the world. Among the multiple sectors the company works with are energy and utilities, aerospace, automotive, and chemicals and life sciences. The company said none of the main infrastructures, communication, collaboration tools or delivery operations for its clients ended up affected.

read more

Infected New HMI Infects Chemical Plant DCS

January 1, 2003

WIZARD SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER. This actor is a Russia-based criminal group known for the operation of the TrickBot banking malware that had focused primarily on wire fraud in the past.

read more

Blaster Worm Infects Chemical Plant

January 1, 2003

WIZARD SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER. This actor is a Russia-based criminal group known for the operation of the TrickBot banking malware that had focused primarily on wire fraud in the past.

read more

IP Address Change Shuts Down Chemical Plant

January 1, 2002

WIZARD SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER. This actor is a Russia-based criminal group known for the operation of the TrickBot banking malware that had focused primarily on wire fraud in the past.

read more

Hacker Changes Chemical Plant Set Points via Modem

January 1, 2002

WIZARD SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER. This actor is a Russia-based criminal group known for the operation of the TrickBot banking malware that had focused primarily on wire fraud in the past.

read more

SCADA Attack on Production Plant of Global Chemical Company

January 1, 2001

WIZARD SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER. This actor is a Russia-based criminal group known for the operation of the TrickBot banking malware that had focused primarily on wire fraud in the past.

read more