Cyber attack on Kisters AG by orchestrated ransomware attack
16.11.2021
Company News , Magazin
Cyber attack
Cyber attack on Kisters AG. IT specialists and forensics experts analyze how the attackers were able to penetrate the network despite the company's extensive, multi-level and recognized security precautions. (Image: Gerd Altmann / Pixabay)
Update December 3rd, 2021:
As part of the rebuilding of the KISTERS infrastructure, we have outsourced our e-mail servers (MS Exchange) to the Microsoft Azure cloud. The decisive factor was, on the one hand, our goal to be reachable again by e-mail as quickly as possible, and on the other hand, a technical decoupling of the e-mail server from our internal infrastructure. In doing so, we also take into account the particular threat situation currently identified by the BSI and BKA [press release BSI].
Update December 2nd, 2021:
The reconstruction of the internal infrastructure continues to make progress.
We are currently working on restoring the websites of our individual business units.
The 3D printer division is already available for you at:
www.kisters-3dp.de
www.projet-3d-drucker.de
www.3d-produktionsdrucker.de
www.zprinter.de
Update December 1st, 2021:
Other KISTERS locations can now be reached again by phone.
Update 11/30/2021 (press release):
Cyber attack on the KISTERS group: expiry of the ultimatum and publication of captured data
On the night of November 11, 2021, the IT company KISTERS was the victim of a cyber attack. The criminal attackers used an orchestrated ransomware attack to secure access to company data, encrypted it and threatened to publish the captured data. The relevant ultimatum has expired.
The responsible data protection authorities have already been informed. Since KISTERS will not engage in such attempts at extortion, the publication of the captured data is to be expected. As soon as information is available as to whether customer data is affected, KISTERS will seek immediate direct contact with those affected. At the same time, the IT company continues to work closely with the security authorities, who will systematically prosecute any publication of data by the hackers as a criminal offense.
Transparent communication is of crucial importance for the KISTERS group. “The safety of our customers and business partners is our top priority. We will therefore immediately share all relevant information with the public,” said Klaus Kisters, member of the board.
KISTERS is working flat out on a return to regular operations and regularly provides information on its website www.kisters.de about new findings about the criminal attack. In the meantime, many employees of the KISTERS Group can be reached again via their personal e-mail addresses and telephone numbers. Software support is also available again under the familiar contact details. In addition, the e-mail addresses and service numbers listed on the website continue to apply. The reloading of the customers' cloud systems and the extensive virus checks of the customer systems are making good progress.
The KISTERS IT systems already had a high level of protection objectively certified by the ISO standard 27001 in the past. From the extensive analysis of the attack, which is currently still ongoing, conclusions and measures for the future are of course derived. Valuable tips from customers who have had similar experiences will also be incorporated.
Klaus Kisters continues: “In the past few days we have received a lot of encouragement from customers and business partners for our decision not to respond to the blackmailer's financial demands. The path we have chosen to rebuild our IT infrastructure in order to exclude compromises based on the current state of the art has also met with broad approval. I would like to thank you very much for that.”
Update 11/29/2021:
The reloading of the cloud systems is making progress.
From now on, we will only communicate customer-specific updates to the cloud systems in direct customer contact.
In addition, other colleagues are gradually being given access to their e-mail inboxes and the company network.
Update 11/26/2021:
The cloud solutions have been reloaded since Wednesday. This takes several hours per system. The multi-stage virus checks of the customer systems began yesterday and take up to 24 hours. So far, no abnormalities have been discovered in customer systems. From the weekend, the activation of the first systems will take place in a strongly secured environment in our data center. These systems are then checked by our specialist colleagues / consulting and then go into the approval process. Even if this is still a very lengthy and complex process, we consider it necessary to ensure IT security.
In addition, the first colleagues in Aachen, Oldenburg and Vienna received their newly installed computers today. Further employees and locations will follow gradually.
Update 11/25/2021:
Ruling Chambers 6 and 7 of the BNetzA rate the attack on KISTERS AG as an exceptional situation and recommend temporarily using a bilateral exchange for communication with the affected market partners.
In addition, the Federal Network Agency does not intend to pursue failures and obstructions in automated market communication in this context by means of supervisory measures. [Message from BNetzA (PDF)]
The KISTERS telephony systems have been rebuilt and are now being gradually put back into operation. Our colleagues in individual locations (such as Aachen and Oldenburg) can already be reached as usual. Other locations will follow. [Contact details]
E-mails to the personal KISTERS addresses of colleagues have been in the mailboxes again since November 14, 2021 and are not lost (e-mails to KISTERS collective addresses since November 20). For security reasons, however, our colleagues do not currently have internal access to their mailboxes. We will inform you here as soon as this changes.
Update 11/24/2021:
The construction of the new IT infrastructure is so far complete that the reloading from the secured backup was started today. The review will then start gradually tomorrow.
Update: 11/23/2021:
“To ensure the security of our customers, we are completely redesigning our systems. Work on this is currently in full swing. Data that we can use from the backup is carefully checked in advance to ensure its integrity and consistency as far as possible. For our cloud customers, we will start restoring the systems tomorrow (Wednesday); from Thursday these systems will be checked immediately and monitored for abnormalities. After that, the approval takes place step by step in the following days and weeks. Your KISTERS contact person will then get in touch with you. In parallel, the forensic analyses will continue.”
Update: 11/21/2021:
"According to the previous forensic analyses, there are currently no indications that the software products we have delivered have been compromised."
12.11.2021:
Successful cyber attack despite multi-level and recognized security precautions
In the night of November 10th to 11th, 2021, the IT company KISTERS AG suffered a cyber attack. As far as we know so far, despite a strong security system, the attackers gained access to the computer network of the software provider for sustainable resource management via an orchestrated ransomware attack.
Immediately after discovering the attack, KISTERS AG contacted the criminal police and the Federal Office for Information Security BSI and informed the responsible supervisory authorities. In addition, a team of IT specialists and forensic experts immediately began to analyze how the attackers were able to penetrate the network despite the company's extensive, multi-level and recognized security precautions. The investigations are still ongoing.
Company temporarily unavailable
The company currently has no access to its own system as it has been shut down completely to prevent further damage. Accordingly, the company can temporarily not be reached via e-mail or landline phone, but only via the mobile numbers of colleagues. The customers of KISTERS AG have already been informed personally about the attack and the possible consequences as well as the initiated measures, or will be so as soon as access to the systems allows it again.
"In this situation, transparency is the most important asset for us"
KISTERS AG is currently unable to make any statements about which data are affected by the attack. “In this situation, transparency is the most important asset for us. We will inform our customers clearly and openly when we know what data is involved and when we can return to normal business operations,” says the managing director Klaus Kisters.
"Be available again quickly on all channels"
All experts are currently working in crisis mode. “The first thing we need to do now is to be available to our customers again quickly on all channels. We are working flat out on this,” continues Klaus Kisters. “In the next step, we will do everything we can to be able to work again and to gain knowledge so that we and other companies can protect themselves even better in the future.”