back to article Wind turbine maker Vestas confirms recent security incident was ransomware

Wind turbine maker Vestas says "almost all" of its IT systems are finally up and running 10 days after a security attack by criminals, confirming that it had indeed fallen victim to ransomware. Alarm bells rang the weekend before last when the Danish organisation said it had identified a "cyber security incident" and closed …

  1. Anonymous Coward
    Anonymous Coward

    How to pay Ransomware requests

    Send them the payment details, tell them all they need to do is open the payment spreadsheet and allow the macro to receive the payment ... I'm posting this anonymously because we're processing the malware senders bitcoins at the moment.

  2. Claverhouse Silver badge
    Stop

    Money for Nothing

    The invention of Bitcoin keeps on giving.

  3. 89724102172714182892114I7551670349743096734346773478647892349863592355648544996312855148587659264921 Bronze badge

    I had assuned Vestas only made matches

    1. Ken Moorhouse Silver badge

      Re: I had assuned Vestas only made matches

      Incompatible products, unless Vesta made those wind-proof ones.

      Now if they did have a tie-up with another company, it would be Vesta, the food company. Mind you the turbines would have to be regularly de-commissioned in order to remove the muck...

      TMI

    2. spireite Bronze badge

      Well, there's your mistake.... Turbines are blamed for killing flying birds - Swans?

  4. LordHighFixer
    Megaphone

    Solution

    Every time you even hear of a new ransomware attack, take images of all your servers, and pray they are clean. Patch the hell out of everything.

    And most of all DON'T PAY!.

    1. 9Rune5
      Pirate

      Re: Solution

      Last year I learned to avoid using domain admin accounts.

      If the attack somehow manages to escalate to local admin privs, they can then rummage around in memory and find password hashes belonging to any domain admin that had come this way recently. Several VMs were thus hit.

      We had an old asp.net app running that was using a third-party component that received an important security update a year prior to the attack.

      Our original plan some years ago involved a full rewrite of said asp.net app, but priorities changed and no hands were left on deck.

      A colleague reverse-engineered the attacker's code and got the decryption key, but we already had good backups, so no need.

    2. Mark Exclamation

      Re: Solution

      "....and pray they are clean."

      I can assure you praying will not help one iota, nor will it affect the outcome in any way whatsoever.

  5. Will Godfrey Silver badge
    Unhappy

    They wouldn't say?

    So they did pay then.

  6. Anonymous Coward
    Anonymous Coward

    Profit and loss...

    "The firm also found that ransomware is more lucrative than cocaine trafficking, "

    But a lot less lucrative than building pointless subsidised bird mincers.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022