Pulp & Paper

Industry

International Paper takes Mill Operations Offline after Cyberattack

February 22, 2024

International Paper is in the process of starting up its Riegelwood Mill after shutting it down due to a cyberattack, a company spokesperson said Thursday morning.

“Late last week, we experienced a cyberattack event on our operating systems at our mill in Riegelwood, N.C.,” IP spokesperson Kimberly Clewis wrote in a statement. “Thankfully, everyone at the mill is safe and there have been no environmental issues.”

The statement said that “out of an abundance of caution, we coordinated an orderly shutdown of the mill to resolve the issue and are in the process of starting up the mill.”

Clewis said the attacker accessed International Paper’s system through a third-party vendor “and did not directly target our company or mill. This event impacted only a limited set of manufacturing systems at the Riegelwood Mill. No other mills, locations or systems were affected.”

read more

Hackers Shut Down Production at Cartonnerie Gondardennes in France

October 28, 2022

A cardboard box manufacturer in Wardrecques, France was hit by a cyberattack, most likely ransomware (Fr: “piratage”). Production was shutdown, and workers sent home. News reports are all in La Voix Du Nord which unfortunately is paywalled, but the headlines and synopsis says enough. The company’s systems were decrypted by a journalist, Damien Bancal, and ransom was not paid.

read more

Hackers Paralyze only Newsprinting Facility in Switzerland

January 7, 2022

The machines at the Perlen paper factory in the Lucerne town of the same name are at a standstill due to a hacker attack. Newsprint and LWC production at Perlen and packaging production in Müllheim, Germany, which has been down since 7 January, restarted 6 days later on January 13. The chemistry division was not affected and was therefore able to continue production normally.

The factory normally outputs 1400 tons of newsprint paper per day. In a statement, the CPH Group said all IT systems were shut down on the 7th out of an abundance of caution and to contain any spread, strongly suggesting but not confirming they were a ransomware victim. They resumed production in January 13, after 6 days of downtime.

read more

Virus Impacts Paper Machine HMI

January 1, 2004

WIZARD SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER. This actor is a Russia-based criminal group known for the operation of the TrickBot banking malware that had focused primarily on wire fraud in the past.

read more

Paper Company Control System Hit By Blaster

January 1, 2003

WIZARD SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER. This actor is a Russia-based criminal group known for the operation of the TrickBot banking malware that had focused primarily on wire fraud in the past.

read more

DCS Console Reprogramming Causes Gateway Fault

January 1, 1998

WIZARD SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER. This actor is a Russia-based criminal group known for the operation of the TrickBot banking malware that had focused primarily on wire fraud in the past.

read more

Broadcast Storm Shuts Down DCS Consoles

January 1, 1997

WIZARD SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER. This actor is a Russia-based criminal group known for the operation of the TrickBot banking malware that had focused primarily on wire fraud in the past.

read more

Duplicate IP Address Prevents Machine Startup

January 1, 1996

WIZARD SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER. This actor is a Russia-based criminal group known for the operation of the TrickBot banking malware that had focused primarily on wire fraud in the past.

read more

PLC Password Change

January 1, 1988

WIZARD SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER. This actor is a Russia-based criminal group known for the operation of the TrickBot banking malware that had focused primarily on wire fraud in the past.

read more