Danish wind turbine company vestas hit by cyber attack

The Danish wind turbine company Vestas, the largest producer of wind turbines in the world, was recently the victim of a cyber breach. The incident occurred on November 19th and several IT systems across multiple business units and locations had to be shut down to contain the issue. Customers, employees, and stakeholders were promptly warned that they may be affected by the shutdown. The company has not yet provided details pertaining to the nature of the incident but they are working hard with their internal and external partners to resolve the issue and recover their systems.  

Preliminary reports indicate that the breach impacted parts of Vestas’ internal IT infrastructure and that data had been compromised, however, investigations are still ongoing. Vestas’ manufacturing, construction, and service teams have been able to continue operating, although several IT systems were shut down as a precaution.  

The attack is thought to bear the markings of ransomware but the spokesperson for Vestas refused to draw on specifics at this time. Ransomware has prevailed as of late, with other critical infrastructures falling victim to attacks, such as the Colonial Pipeline. As of yet, no major ransomware groups have claimed responsibility for the breach at Vestas. 

The attack was noticed by investors when Vestas’ stock price dropped to a two week low. It came amid a range of issues that the company was already experiencing, including the rise in the cost of raw materials and supply chain issues.  

This attack, like many recently, affects critical infrastructure, it would seem that threat actors are going after riskier targets in the hopes of a higher ransom. Unfortunately, the impact of the cyber attack goes far beyond just affecting Vestas. The economy and society, as a whole, are able to be impacted in tangible ways such as price increases, power grid shutdowns and low customer confidence.