Massive ransomware attack affects Weir Group’s operations

In its third quarter 2021 earnings report, Scottish multinational engineering firm Weir Group revealed that a hacking group tried to infect its computer networks with ransomware last September, leading to a temporary disruption of some features as part of the incident response process.

This company employs over 11,000 people in 50 countries and provides services for the mining, infrastructure, and oil and gas markets.

According to the report, the company’s cybersecurity systems responded adequately to contain the threat, implementing measures such as isolation and disconnection of affected systems, dosing of business resources and other security measures.

Although the company is expected to continue to experience the consequences of the failed attack over the next month, Weir Group says that this issue had no impact on its operations in the final third quarter of the year, in addition to the impact on the customer experience was reduced to a minimum.

In its report, the company added that the disruptions resulted in insufficient recovery of overhead and a postponement of more than £50 million in revenue for September alone: “The temporary disruption of our processes is likely to cause a fourth-quarter revenue slippage into 2022 along with insufficient recovery of overhead,” mentions Weir Group.

Regarding the ongoing investigation, the company only mentioned that a forensic team is in charge of collecting information about the attack, although they can confirm that the incident did not result in the exposure of confidential information. Weir Group concluded by mentioning that they will continue to contact cybersecurity specialists and regulatory entities in order to address the problem in the best possible way.

Some members of the cybersecurity community tried to learn more about the incident, though a Weir Group spokesperson mentioned that this is all the company can share for the time being.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.