Vestas Cyberattack

Vestas Wind Systems, the largest wind turbine manufacturer and installer in North America, was hit by a cyberattack over the weekend, forcing the company to shut down several IT systems. Vestas is a service provider of wind turbines with 40,000 megawatts (MW) installed and over 36,000 MW in service in the United States and Canada. The company explained that the attack affected several IT services in multiple business units along with customers, employees, and other stakeholders. Vestas is working with internal and external partners to contain the issue and recover its systems. A warning was issued indicating data had been compromised; however, there was no indication that the incident impacted third-party operations, including customer and supply chain operations. Although several IT systems were shut down as a precaution, the company’s manufacturing, construction, and service teams were able to continue operations and have gradually and controllably reopened all their IT systems.

Vestas Wind Systems employs 25,000 people, operates manufacturing plants in 16 countries, and generates revenue of nearly $17 billion in U.S. dollars, making it a high-profile target for cyberattacks. Vestas plays an important role as countries increasingly adopt pollution-reduction policies and roll out renewable energy investment programs. Regions relying on wind turbines as a power source could be impacted by disruptions to the manufacturing, installation, and service processes. With energy shortages pushing prices high and demand continuing to increase, it’s critical for all energy producers to be operational, especially with winter approaching.

A ransomware attack is the likely cause of this cyber security incident, although that has not been confirmed. The pressure on renewable energy providers has dramatically increased due to high gas prices globally and a poor year for wind production. Vestas is trying to re-establish the integrity of its systems while the company continues to investigate. In 2020, ransomware attacks increased 485% year-on-year. With new research suggesting that the Conti group is the likely suspect for restarting Emotet, security teams have more issues to worry about as they head into the winter season. Emotet’s return can cause major shifts in the cybercrime domain, recreating a high-quality source of initial access for ransomware groups.

The cyberattack comes at a particularly bad time for Vestas as the company is struggling with supply chain issues and rising commodity prices. With ransomware groups escalating their attacks for bigger ransom payments, cyberattacks on critical infrastructure industries have increased dramatically, including attacks on Ireland’s Health Service Executive, meat producer JBS, and U.S. fuel pipeline system Colonial Pipeline.

Highly organized criminal operations are expanding their monopolization of the ransomware world, which leads to more opportunities for cybercriminals like the Emotet botnet’s creators to expand as well. These developments indicate why it’s crucial for companies like Vestas Wind Systems to stay ahead of the current threat landscape and improve their network security posture to prevent IT systems from shutting down. At SpearTip, our global network of Security Operations Centers is staffed with certified engineers monitoring for threatening activity 24/7 to prevent data breaches in any manufacturer’s network. The ShadowSpear platform, our advanced endpoint detection and response tool, integrates with complex networks and works with IT and OT technology to protect organizations from devastating compromises. As threat actors continue to target the critical infrastructure sectors, SpearTip defends you.

If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.