Ransomware Attack Hits Engineering Giant Weir Group
Profit Projections Down £25 Million, Revenue Deferrals Put At £50 Million
A ransomware attack on Scottish multinational engineering firm Weir Group, reported in a Q3 trading update, led to several ongoing but temporary disruptions including engineering, manufacturing and shipment rephasing.
Weir Group says in an October 7 statement that in the second half of September it was the victim of a ransomware attack that resulted in revenue deferrals and overhead under-recoveries costing some £50 million ($68 million), and its profit projections for the year are down £25 million ($34 million) as a result of the attack.
"Weir’s cybersecurity systems and controls responded quickly to the threat and took robust action. This included isolating and shutting down IT systems including core Enterprise Resource Planning (ERP) and engineering applications," the firm says in a public statement. "These applications are now restored on a partial basis, and other applications are being brought back online in a progressive manner in order of business priority."
A spokesperson for Weir Group was not immediately available to comment directly to Information Security Media Group.
The attack led to several ongoing but temporary disruptions and the consequences of the operational disruption and associated inefficiencies are expected to continue into the fourth quarter, the company says.
The firm notes that it has found no evidence that any personal or other sensitive data has been exfiltrated or encrypted, and it is continuing to liaise with regulators and relevant intelligence services.
"Weir confirms that neither it, nor anyone associated with Weir, has been in contact with the persons responsible for the cyber-attack," the firm notes.
Jon Stanton, Weir chief executive officer, says the firm responded quickly and comprehensively to what was a sophisticated external attack on its business.
"The robust action to protect our infrastructure and data has led to significant temporary disruption but (our staff) have managed to minimise the impact on our customers. We will continue to focus on the safe restoration of all our systems whilst strengthening our future resilience even further," Stanton notes.
The company says there was no negative impact on orders in Q3 and it continues to deliver full-year order growth. But the rephasing of shipments caused by the cybersecurity incident resulted in Weir Group experiencing revenue deferrals of £50 million in September alongside overhead under-recoveries in manufacturing and engineering.
The company says that the bulk of the missed September revenue is expected to be shipped in Q4 but there will be some slippage of Q4 revenues into 2022 together with some overhead under-recovery.
The company has downgraded its profit guidance by at least £25 million ($34 million) following the attack and now expects full-year profit before taxation to be in the region of £230 million to £245 million ($313 million to $333 million), compared to earlier analyst projections of £270 million ($368 million), according to reports by Scottish newspaper The Herald.
Defensive Plan Required
Chris Clements, vice president of solutions architecture at Cerberus Sentinel, says this incident reinforces the truth that even with a resilient backup and restore strategy that can help you avoid paying the ransom demand, ransomware can cause significant and lengthy disruption to business operations, leading to unexpected costs.
"A comprehensive defensive plan for prevention is required to ensure that your operations remain intact; however, effectively addressing all areas of security to do so is a difficult task," Clements notes. "It really takes a cultural approach to security, starting with buy-in from executive leadership and extending to all roles in the organization. It requires education on the latest security threats and how individuals throughout the organization can respond defensively to prevent cybercriminals from gaining initial footholds through phishing or password guessing attacks."
Clements further recommends concerted efforts from the IT department to implement security best practices, most notably multifactor authentication and system and application hardening controls based on comprehensive standards such as NIST or CIS benchmarks.
"Also crucial is regular penetration testing to validate the organization’s security posture and ensure that no gaps or mistakes have been made that could put the organization at risk. Finally, proper detection and alerting capabilities with continuous monitoring for common attacker IoCs or suspicious behaviors that could indicate that an attacker has gained a foothold into the environment are necessary to identify and quickly respond to a cyberattack before widespread damage can occur," says Clements.