Vestas Wind Systems is one of the leaders in wind turbine manufacturing in North America with 40,000 MW currently installed and another 36,000 MW under service in both the US and Canada.
Recently the company published a breach notification indicating that they had been the subject of a successful cyber attack which occurred on Friday, November 19th.
This forced them to shut down broad swaths of their network infrastructure to keep the attack from spreading. Although Vestas did not specify the exact nature of the attack based on their description it seems likely that the company fell victim to a ransomware attack.
Unfortunately this incident is almost certain to have serious downstream impacts. The company was already struggling with supply chain issues and the shutdown forced them to delay production. That is going to delay the completion of many of the projects Vestas has in the pipeline which will have further impacts as well. Although these are difficult to predict with any accuracy.
According to the latest information provided by the company both the issue itself and the investigation into it are ongoing and the company does not yet have a firm timeline for recovery. Vestas also confirmed that some of the company’s data had been compromised and exfiltrated but did not provide any details as to the specifics of that information.
There have been a number of attacks on critical infrastructure concerns as gangs of cybercriminals seek ever larger payouts. Given that the Vestas attack is very much in line with attacks earlier this year on Colonial Pipeline, Irelands Health Service Executive, and meat processing giant JBS.
If you do business with the company just be aware that their operations have been impacted and that the issue is ongoing so there are almost certain to be delays. Let us hope Vestas is able to resolve the matter quickly.