Pilz, one of the world's largest producers of automation tools, has been down for more than a week after suffering a ransomware infection.
"Since Sunday, October 13, 2019, all servers and PC workstations, including the company's communication, have been affected worldwide," the Germany-based company wrote on its website[1].
"As a precaution, the company has removed all computer systems from the network and blocked access to the corporate network."
All the company's locations across 76 countries[2] were impacted and were disconnected from the main network, unable to file orders and check customer statuses.
It took Pilz staff three days to regain access to its email service, and another three days to restore email service for its international locations. Access to the product orders and delivery system was restored only today.
Production capabilities weren't impacted, but unable to check orders, they've been hampered and going at slower rates.
Blame BitPaymer
The German company -- known for its automation relays, controllers, and sensors -- is the latest in a long line of BitPaymer victims, Maarten van Dantzig[3], Lead Intelligence Analyst at FoxIT, told ZDNet today.
Van Dantzig was able to tie the Pilz infection to BitPaymer after he found and analyzed a BitPaymer sample uploaded on VirusTotal. The sample contained a ransom note with Pilz-related contact details, customized for the company's network.
BitPaymer is a ransomware strain that appeared in the summer of 2017 and has been tied to several high-profile incidents at Scottish hospitals[4], the PGA[5], two Alaskan towns (Matanuska-Susitna[6] and Valdez[7]), Arizona Beverages[8], in attacks leveraging an iTunes zero-day[9], and, most recently, at French TV station M6