Ransomware Cripples German Automation Company, BEC Operators Arrested in Spain

Cybersecurity incidents affect users and businesses of all sizes across different industries. This report covers two noteworthy incidents that took place in Europe: a ransomware attack crippling a German automation company and business email compromise (BEC) operators getting arrested in Spain.

German automation company reels from ransomware attack

Pilz GmbH & Co. KG, an automation technology company based in Ostfildern, Germany, is still reeling from a ransomware infection after it was hit by a “targeted cyberattack” over a week ago. This incident echoes what Trend Micro observed in its 2019 Midyear Security Roundup – cybercriminals were more selective about their ransomware victims, focusing mainly on high-value targets such as multinationals, enterprises, and government institutions.

The German company was attacked on October 13, 2019. The attack affected its servers, PC workstations, and global communication network, and also disrupted the delivery of shipments. The incident compelled Pilz to notify the prosecutor’s office and Federal Office for Security in Information Technology.

Pilz has already set up an incident response team to investigate the attack and remediate the infection. However, in a statement, the company noted that outages will still continue for several more days, as it has removed all computer systems from the network and blocked access to the corporate network as part of its precautionary measures.

Three BEC operators arrested in Spain

As part of Operation Lavanco, the Spanish Civil Guard arrested three people behind a BEC group that stole roughly €10.7 million or US$11,900,000. The amount was stolen from 12 countries, including Belgium, Venezuela, Bulgaria, Norway, the United States, Germany, Luxembourg, Portugal, Chile, and the United Kingdom (UK).

The BEC group had stolen credentials that were collected from spear-phishing attacks – an increasing trend in 2019. In the first half of 2019, Trend Micro™ Cloud App Security™ detected and blocked 2.4 million attacks of this type.

Apart from the stolen credentials, the BEC operators also used the affected companies' manager accounts and customized invoices to wire money to bank accounts they control. In a press release, the Spanish Civil Guard said that the BEC gang had created a complex financial framework of companies and bank accounts to launder the money, adding that researchers have already identified 83 companies and 185 bank accounts related to the scam.

As of this writing, the Spanish Civil Guard has recovered €1,290,000, or over US$1,435,331 – an amount that was divided into 16 bank accounts, which were already blocked.

Security recommendations

The two incidents above, both of which took place in Europe and involve operation-halting threats and sophisticated schemes, should remind organizations to implement strong cybersecurity measures.

One of these measures is protecting against ransomware. At the endpoint level, the Trend Micro™ Smart Protection Suites deliver several capabilities, such as high-fidelity machine learning, behavior monitoring and application control, and vulnerability shielding, that minimize the impact of ransomware. Meanwhile, the Trend Micro™ Deep Security™ solution stops ransomware from reaching enterprise servers, whether physical, virtual, or in the cloud.

Organizations can look into adopting advanced technologies that can prevent fraudsters from stealing money from email-based attacks such as BEC. The Trend Micro™ Cloud App Security and ScanMail™ Suite for Microsoft® Exchange™ solutions employ Writing Style DNA — a technology that uses AI to recognize the DNA of a user’s writing style based on past written emails, which it then compares with suspected fake emails.
