Three weeks after suffering an attempted cyber attack for ransom, turbine maker Vestas is battling to define the extent of data theft.  It is confident only internal systems have been targeted.

IT systems at the Danish engineer were first infiltrated on 19 November, by assailants calling themselves LockBit.   It is understood that a ransom demand was made.

In a series of updates, the engineering company has warned staff and commercial partners that sensitive data has been compromised.

Three days after the 19 November attack, the engineer announced its belief that its customer-facing and supply chain operations were unscathed.

“Vestas’ manufacturing, construction and service teams have been able to continue operations, although several operational IT systems have been shut down as a precaution”, the company assured stakeholders.

The firm initiated a gradual and controlled reopening of all IT systems.

On 29 November, CEO and president Henrik Andersen announced that most of its IT systems were running again.

“We have been through some tough days since we discovered the cyber incident, and Executive Management and the Board of Directors are thus very pleased that the incident didn’t impact wind turbine operations,” said Andersen.

“There is still a lot of work ahead of us to and we must remain extremely diligent towards cyber threats”, the CEO added.

This Monday, Andersen further confirmed that data stolen had been illegally shared externally.  It appeared to relate solely to internal matters within the company, he said.  The company had notified relevant authorities immediately and had engaged IT security consultants to conduct a ‘forensic investigation’.  That investigation was continuing, the CEO said.

Yesterday Vestas wrote publicly to its 29,000 employees and to business partners, formalising its warning to them of possible theft of personal data.  Though not explicitly targeted by the LockBit gang, information such as email addresses and details such as marital status had been harvested in the raid, the company said.  It recommended continued vigilance.

In May 2020 Elexon, platform provider for the UK’s Balancing & Settlements Code, suffered a cyber attack, again impeding only its internal systems.  The attack’s source was traced within four hours, and BSC declarations and other operations were unaffected.  Speculation at the time centred on the vulnerability of Elexon’s Pulse Secure VPN servers.


Please enter your comment!
Please enter your name here