The Scottish multinational engineering company Weir Group recently disclosed it was targeted in an attempted cyberattack. The ransomware assault attempted against the firm resulted in temporary, but substantial disruption.

A major force in the industrial sector. The Weir Group currently employs over 11,500 people in more than 50 different countries. The services it provides are used in a wide variety of industries, delivering services for the mining, gas, and oil markets.

Acting swiftly to a ransomware attack

In a recent trading update for Q3 of 2021, the company commented on the complex attack, how dedicated security measures were able to respond, and which systems needed to be shut down.

“The Group is currently managing the consequences of a sophisticated attempted ransomware attack that occurred in the second half of September. Weir’s cybersecurity systems and controls responded quickly to the threat and took robust action. This included isolating and shutting down IT systems including core Enterprise Resource Planning (ERP) and engineering applications.”

The Weir Group stated that the September attack had in no way impacted its orders for Q3. All of its facilities were able to remain operational, and any impact from the incident on its customer base was being efficiently mitigated.

The engineering firm also commented that it was working on restoring capabilities progressively over the next few weeks. The systems set to be restored first will be based on the company’s current business priorities.

Effects felt from a cyberattack

The firm expects issues are likely to impact its Q4 operations.

The recent incident has led to disruptions in engineering, shipping, and manufacturing. For the month of September alone, this already translated to revenue deferrals and overhead under-recoveries of approximately £50m.

The engineering giant commented:

“While the bulk of the missed September revenue is expected to be shipped in Q4 it is likely that the temporary disruption to our end-to-end value chain will cause some slippage of Q4 revenues into 2022 together with some overhead under-recovery.”

Weir Group’s Chief Executive Jon Stanton commented that the firm’s teams had “responded magnificently”, answering the challenge and minimising any negative effect on customers. He added that the necessary disruptions were due to the strong course of action taken to protect the company’s data and infrastructure. He said that Weir Group would keep focusing on secure restoration of systems and on strengthening protection levels for even greater resilience.

Forensic investigations into the attempted ransomware attack have so far discovered no indication that either sensitive or personal data was exfiltrated during the incident. There is also no evidence that any data was encrypted by the ransomware gang responsible for the attack.

The Weir Group is currently liaising with both intelligence services and data regulators. It confirmed that no one from the firm or associated with it has had any communication with the entity behind the ransomware attack.

Ransomware groups seek out high-profile targets like the Weir Group, to grow their reputation with both their peers and future victims.