Major German manufacturer still down a week after getting hit by ransomware

Pilz sensor automation
Image: Pilz

Pilz, one of the world’s largest producers of automation tools, has been down for more than a week after suffering a ransomware infection.

“Since Sunday, October 13, 2019, all servers and PC workstations, including the company’s communication, have been affected worldwide,” the Germany-based company wrote on its website.

“As a precaution, the company has removed all computer systems from the network and blocked access to the corporate network.”

All the company’s locations across 76 countries were impacted and were disconnected from the main network, unable to file orders and check customer statuses.

Coinbase 2

It took Pilz staff three days to regain access to its email service, and another three days to restore email service for its international locations. Access to the product orders and delivery system was restored only today.

Production capabilities weren’t impacted, but unable to check orders, they’ve been hampered and going at slower rates.

Blame BitPaymer

The German company — known for its automation relays, controllers, and sensors — is the latest in a long line of BitPaymer victims, Maarten van Dantzig, Lead Intelligence Analyst at FoxIT, told ZDNet today.

Van Dantzig was able to tie the Pilz infection to BitPaymer after he found and analyzed a BitPaymer sample uploaded on VirusTotal. The sample contained a ransom note with Pilz-related contact details, customized for the company’s network.

BitPaymer is a ransomware strain that appeared in the summer of 2017 and has been tied to several high-profile incidents at Scottish hospitals, the PGA, two Alaskan towns (Matanuska-Susitna and Valdez), Arizona Beverages, in attacks leveraging an iTunes zero-day, and, most recently, at French TV station M6.

But BitPaymer is not your regular ransomware strain. BitPaymer’s authors engage in what’s called “big game hunting,” a term coined by Crowdstrike and which describes the act of going only after high-value targets — in the hopes of extracting a large ransom payment, instead of extorting home consumers for meager profits.

BitPaymer’s Dridex partnership

During the past two years, BitPaymer has been distributed exclusively via the Dridex botnet, van Dantzig told ZDNet.

An ESET report from January 2018 claimed the ransomware was the work of the Dridex authors themselves.

Currently, most experts believe the Dridex gang spends their time sending email spam that infects users with the Dridex trojan, compiles a list of victims, and then deploys BitPaymer on the networks of large companies, in the hopes of extracting huge ransoms after encrypting their files.

Historically, this tactic has been pretty lucrative, and BitPaymer has been tied to ransomware demands going as high as $1 million, Van Dantzig told ZDNet today in a phone call.

This cybercrime model of botnet-ransomware partnership is extremely popular these days. A similar “working relationship” also exists between the operators of the Emotet and TrickBot botnets and the Ryuk ransomware gang.

A surge in activity since April this year

You can easily see BitPaymer’s modus operandi in the chart below, consisting of submissions to ID-Ransomware, an online service sponsored by the MalwareHunterTeam and Emsisoft where ransomware victims can upload samples and detect the type of ransomware they’ve been infected.



BitPaymer submissions to ID-Ransomware in the last 12 months

Source: ID-Ransomware (supplied)

Most ID-Ransomware activity charts are smooth, as there are daily submissions from victims who get infected after opening emails or installing ransomware-infected files.

However, for BitPaymer, this is different. The spikes show occasional infections as the ransomware is deployed on a handful of carefully selected targets, rather than spammed out in every direction. This pattern is specific to “big-game hunting” ransomware operations.

Van Dantzig says companies must understand that once they recover from a BitPaymer infection, their job is not done. System administrators must also remove the Dridex trojan from infected hosts, otherwise they’ll be reinfected again.

In fact, van Dantzig has seen this happen in the past.

Pilz was not immediately available for comment at the time of publishing.

Major German manufacturer still down a week after getting hit by ransomware 1
About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.

Related Posts


E-Crypto News Executive Interviews


Bitcoin (BTC) $ 39,075.00
Ethereum (ETH) $ 2,621.52
Tether (USDT) $ 1.00
Binance Coin (BNB) $ 329.83
Cardano (ADA) $ 1.36
XRP (XRP) $ 0.719950
USD Coin (USDC) $ 1.00
Dogecoin (DOGE) $ 0.198784
Polkadot (DOT) $ 18.45
Binance USD (BUSD) $ 1.00
bitcoinBitcoin (BTC)
$ 39,075.00
ethereumEthereum (ETH)
$ 2,621.52
tetherTether (USDT)
$ 1.00
bitcoin-cashBitcoin Cash (BCH)
$ 539.32
litecoinLitecoin (LTC)
$ 141.44
bitcoinBitcoin (BTC)
ethereumEthereum (ETH)
tetherTether (USDT)
bitcoin-cashBitcoin Cash (BCH)
litecoinLitecoin (LTC)
bitcoinBitcoin (BTC)
ethereumEthereum (ETH)
tetherTether (USDT)
bitcoin-cashBitcoin Cash (BCH)
litecoinLitecoin (LTC)

Automated trading with HaasBot Crypto Trading Bots

Crypto Scams

The World’s Most Infamous Crypto Hacks and Scams
July 31, 2021
Cryptocurrency Exchanges
Cryptocurrency Exchanges and the Plague of Scams and Bans
June 29, 2021
What Role Do Cryptocurrencies Play In The Era Of Ransomware Attacks?
June 9, 2021
Crypto Scams On The Rise As Market Enters Bull Cycle
Crypto Scams On The Rise As Market Enters Bull Cycle
December 22, 2020
Harpreet Singh Sahni perpetrated the Plus Gold Union Coin (PGUC) scam
Sydney Concert Promoter Harpreet Sahni Involved In $50M Crypto PGUC Scam
November 2, 2020

Blockchain/Cryptocurrency Questions and Answers

Short-Sell Cryptocurrency
How to Short-Sell Cryptocurrency: A Brief Overview
July 17, 2021
What Is Klaytn (KLAY) And How Does It Work?
July 16, 2021
Our Crypto Roundup Interview Asks- Do Cryptocurrencies Have a Future?
July 15, 2021
What Is Solana (SOL) And How Does It Work?
June 26, 2021
What Is Plethori Platform And How Does It Work?
June 12, 2021

CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin39,194 0.47 % 2.33 % 0.30 %
Ethereum2,643.5 1.30 % 5.12 % 15.31 %
Tether1.000 0.04 % 0.14 % 0.29 %
Binance Coin331.13 0.63 % 2.82 % 5.63 %
Cardano1.360 0.12 % 1.63 % 7.19 %
XRP0.7246 0.58 % 1.25 % 12.81 %
USD Coin1.000 0.15 % 0.17 % 0.13 %
Dogecoin0.2000 0.41 % 1.43 % 2.24 %
Polkadot18.60 0.73 % 6.72 % 29.86 %
Binance USD1.000 0.30 % 0.35 % 0.32 %

Bitcoin (BTC) $ 38,939.00
Ethereum (ETH) $ 2,687.61
Tether (USDT) $ 1.00
Binance Coin (BNB) $ 330.52
Cardano (ADA) $ 1.37
XRP (XRP) $ 0.722550
USD Coin (USDC) $ 1.00
Dogecoin (DOGE) $ 0.199105
Polkadot (DOT) $ 18.98
Uniswap (UNI) $ 23.23