EDP Renewables North America (EDPR NA) confirmed a Ragnar Locker ransomware attack that affected its parent corporation’s systems, the Portuguese multinational energy giant Energias de Portugal (EDP).
EDP Renewables North America (EDPR NA) confirmed a Ragnar Locker ransomware attack that affected its parent corporation’s systems, the Portuguese multinational energy giant Energias de Portugal (EDP).
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
Ransomware attacks are particularly concerning for companies with both heavy IT and OT footprints. In the case of EDP Renewables, it appears the attack was contained to their Enterprise systems and mainly confidential information regarding things like billing and contracts was targeted. Though that\’s a significant challenge in and of itself, if such attacks were to permeate into the OT space (due to improper segmentation between IT and OT), they could infect systems critical to energy output, like HMIs and engineering workstations. Luckily, this did not appear to be the case this time.
We are seeing a lot of breaches recently coming through weak links in the supply chain or under corporate umbrellas. It\’s important to be aware of the knock-on effects of poor cyber security. Companies do not exist on their own. They are part of a network of suppliers, customers, and individual employees. When one organisation, even a small one, fails to take their security seriously it can have implications far beyond their own operations. Basic cyber hygiene like keeping software up to date and having secure passwords can go a long way in preventing the majority of breaches like this. Large corporates would do well to require their smaller companies and suppliers to adhere to cyber security guidelines like those set out in the Cyber Essentials scheme.