[BreachExchange] Ransomware Attack Foils IoT Giant Sierra Wireless

[Destry Winant]

https://threatpost.com/ransomware-iot-sierra-wireless/165003/

The ransomware attack has impacted the IoT manufacturer’s production lines
across multiple sites, and other internal operations.

A ransomware attack on leading internet-of-things (IoT) manufacturer Sierra
Wireless this week ground its production activity to a halt and froze
various other internal operations.

The Canadian multinational manufacturer creates a broad array of
communications equipment – from gateways to routers, cellular modems to
modules, and smart connectivity solutions for IoT devices.

The ransomware attack first hit on March 20, pushing the company’s IT
systems offline and halting production across its manufacturing sites.
Sierra Wireless’ website and other internal operations have also been
disrupted by the attack, it said on Tuesday. The company’s website (
sierrawireless.com) is currently down, saying “Site is under maintenance.”

The company said that it’s currently working to bring its internal IT
systems back online, and hopes to restart production at its facilities
“soon.”

“Once the company learned of the attack, its IT and operations teams
immediately implemented measures to counter the attack in accordance with
established cybersecurity procedures and policies that were developed in
collaboration with third-party advisors,” according to Sierra Wireless.

Due to the disruptions caused by the cyberattack, the company is also
withdrawing its first-quarter 2021 guidance, which had been provided on
Feb. 23 — highlighting the potential financial damages that the attack may
have on the company.

However, the company said, at this time it does not believe its
customer-facing products and services have been impacted by the attack.
It’s not clear whether customer data has been affected.

At this time, Sierra Wireless did not specify how the cyberattack initially
occurred, what type of ransom was demanded and whether it was considering
paying. It’s also not clear how many production centers have been impacted
by the cyberattack. Sierra Wireless operates a global network operation
center (NOC), and research-and-development centers in Asia, Europe and
North America.

Sierra Wireless declined to comment further: “Beyond notifying the
third-party advisors, our customers and others impacted by the attack, we
do not share our protocols for dealing with any ransomware attacks as this
is considered highly sensitive and confidential,” a spokesperson told
Threatpost.

Matt Sanders, director of security at LogRhythm, said that the incident is
an example of the impact that a ransomware can have on an organization.

“Unfortunately, Sierra Wireless’ entire production has halted thanks to an
attack that has completely debilitated them,” said Sanders. “When an
organization falls victim to ransomware, the pressure to get back to normal
business operations is huge, and the ability to do so in a timely manner
may be pivotal to the company’s ability to continue operating at all.”

Ransomware attacks have continued to plague companies across multiple
industries this year — from a February attack on a major Finnish IT
provider that forced it to turn off some services and infrastructure in a
disruption to customers, to PYSA ransomware attacks in early March
disrupting the education sector.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210325/c77545ac/attachment.html>