Engineering giant Weir Group hit by ransomware attack

Scottish multinational engineering firm Weir Group has disclosed an "attempted ransomware attack" that led to "significant temporary disruption" in September.

"The Group is currently managing the consequences of a sophisticated attempted ransomware attack that occurred in the second half of September," the firm said in a Q3 trading update published Thursday.

"Weir's cybersecurity systems and controls responded quickly to the threat and took robust action. This included isolating and shutting down IT systems including core Enterprise Resource Planning (ERP) and engineering applications."

The company says the attack had no impact on Q3 orders since all facilities are operational, and customer impact is currently being mitigated.

Weir Group is also working on progressively restoring capabilities on a partial basis in the coming weeks, in order of business priority. However, it expects issues to still impact its operations in Q4 2021.

The incident also led to shipments, manufacturing, and engineering disruption, which resulted in overhead under-recoveries and revenue deferrals of £50m in September alone.

"While the bulk of the missed September revenue is expected to be shipped in Q4 it is likely that the temporary disruption to our end-to-end value chain will cause some slippage of Q4 revenues into 2022 together with some overhead under-recovery," the engineering group added.

We responded quickly and comprehensively to what was a sophisticated external attack on our business. The robust action to protect our infrastructure and data has led to significant temporary disruption but our teams have responded magnificently to this challenge and have managed to minimise the impact on our customers. We will continue to focus on the safe restoration of all our systems whilst strengthening our future resilience even further. — Jon Stanton, Weir Group Chief Executive

"Our forensic investigation of the incident is continuing and so far, there is no evidence that any personal or other sensitive data has been exfiltrated or encrypted," the group stated.

"We are continuing to liaise with regulators and relevant intelligence services. Weir confirms that neither it, nor anyone associated with Weir, have been in contact with the persons responsible for the cyber-attack."

The group employs more than 11,500 people in over 50 countries and provides services for the mining, infrastructure, and oil and gas markets.

A Weir Group spokesperson declined to provide additional details when contacted by BleepingComputer earlier today.