
Wind turbine manufacturer Nordex attacked by Conti ransomware

  • April 15, 2022

The Conti ransomware operation claimed responsibility for a cyberattack earlier this month on wind turbine giant Nordex, which had to shut down its IT systems and remote access to the turbines it manages. Nordex is one of the world’s largest wind turbine developers and manufacturers, with more than 8,500 employees worldwide. On April 2, Nordex reported that it had suffered a cyberattack that was detected early and that the company had shut down its IT systems to prevent the attack from spreading.

“The breach was detected at an early stage and immediate response measures were taken in accordance with crisis management protocols. As a precautionary measure, the company has decided to shut down IT systems in various locations and departments,” Nordex said in its initial press release.

However, on March 31, BleepingComputer reported that the company had been hit by a Conti ransomware attack that shut down the entire platform. Our source also said that Nordex did not know where the attack came from and has launched an investigation. Several emails sent by BleepingComputer to Nordex to confirm that it had been hit by the ransomware went unanswered.

Nordex has issued an updated statement explaining that it has also disabled remote access to the turbines it manages to protect its customers’ assets. The company also says its investigation has shown that the attack is limited to its internal systems and does not involve clients’ assets.

“In close cooperation with the relevant authorities, the emergency response team, consisting of internal and external IT experts, is conducting extensive investigations and forensic investigations,” Nordex said in a statement.

“The preliminary results of the analysis show that the impact of the event was limited to the internal IT infrastructure. There is no indication that the incident has spread to any external entity or otherwise beyond Nordex’s internal IT infrastructure.”

However, the fact that the ransomware gang has not leaked any data indicates that the company may be negotiating with the criminals or that no data was stolen during the attack.

Conti is an elite ransomware operation run by a Russian hacking group known for other notorious malware, including Ryuk, TrickBot, and BazarLoader. Conti usually gains access to a corporate network after a device is infected with BazarLoader or TrickBot malware through a phishing attack. As they spread through the network, the attackers steal files and store them on their own servers.

This data is then used as part of a double extortion attack to force victims to pay a ransom. The Conti gang recently faced its own data leak after a Ukrainian researcher posted about 170,000 internal chat conversations between Conti gang members, along with the source code of the Conti ransomware. Because of the gang's activity, the US government has issued an advisory on Conti ransomware attacks.

Source: Port Altele
